US accuses 3 Iranians of hacking and extortion against a series of US organizations

The alleged victim organizations ranged from a domestic violence shelter in Pennsylvania, to a power company in Mississippi and a municipality in Union County, New Jersey, according to charges filed in federal court in New Jersey.

The indictment does not accuse the Iranians of carrying out these particular hacks on behalf of the Iranian government. However, in sanctioning the three Iranian men on Wednesday, the Treasury Department accused them of working for IT companies affiliated with Iran’s Revolutionary Guard Corps (IRGC).

In some cases, Iranian hackers have demanded hundreds of thousands of dollars in ransom to unlock computers, a senior Justice Department official told reporters on Wednesday.

Iran’s Permanent Mission to the United Nations did not immediately respond to a request for comment on the Justice Department’s allegations.

For US officials, it is the latest example of Iran condoning or leading reckless behavior in cyberspace that has cost US companies, government agencies and NATO allies. In a test of the Biden administration’s ability to help defend a NATO ally from hacking, the Albanian government has twice since July accused Iran of carrying out hacks that took government services offline.

The White House condemned Tehran for the initial hack in July and said US officials were on the ground in Albania to help with the recovery. Iran has denied the allegations.

The newly indicted Iranians – Mansour Ahmadi, Ahmad Khatib Aghda and Amir Hossein Nickaein Ravari – are believed to reside in Iran, according to the senior Justice Department official. The chances that the three Iranians will be detained by the United States are slim unless they travel to a country with which the United States has an extradition agreement.

“These three individuals are part of a group of cybercriminals whose attacks represent a direct attack on the critical infrastructure and public services on which we all depend,” FBI Director Christopher Wray said in a video statement Wednesday.

As part of Wednesday’s crackdown on alleged Iranian hacking, the Treasury Department sanctioned Ahmadi, Aghda and Ravari along with seven other Iranians, and accused them of working for Iranian IT companies affiliated with the Islamic Revolutionary Guard Corps. The State Department has offered up to $10 million in rewards for Ahmadi, Aghda and Ravari.

The Treasury announcement accuses Iranian hackers of carrying out a series of ransomware attacks, including one against Boston Children’s Hospital in June 2021. FBI officials say they were able to thwart the hackers and that no harm was done to patient care.

Wray called the incident “one of the most despicable cyberattacks I have ever seen”. Tehran has denied any involvement in the incident.

In an attempt to mitigate the impact of future IRGC-related hacks, the United States and allies such as Canada and the United Kingdom issued an advisory on Wednesday on defending against the hackers’ tactics and techniques.

The Justice Department charges highlight the often blurred lines between government and cybercriminal actors in countries like Iran, some analysts say.

“Recent announcements from US government agencies reinforce our understanding of Iran’s cyber operations ecosystem, which relies heavily on third-party contractors for the IRGC and the Ministry of Intelligence and Security,” said Saher Naumaan, a senior threat intelligence official at BAE Systems, which closely follows suspected Iranian hackers. “Companies are often front companies for intelligence agencies, where individuals are directly involved in operations or they may be on the periphery in supporting roles such as training academies.”

This story has been updated with additional developments and context.

CNN’s Jennifer Hansler contributed reporting.

