Iranians charged for cyber-attacks on US companies and non-profits

Three Iranians are charged with mounting cyber-attacks on power companies, local governments and non-profits including domestic violence shelter

  • The trio are accused of encrypting and stealing data from various networks
  • They then threatened to release the data to extort their victims for huge sums
  • It is thought the hackers acted largely for personal gain but a US Treasury announcement said they are linked to Iran’s Islamic Revolutionary Guard Corps
  • Charges and sanctions will have little immediate effect, as the hackers are believed to be living in Iran, but could make it difficult for them to leave the country

Three Iranian citizens have been charged in the United States with ransomware attacks that targeted power companies, local governments and even a domestic violence shelter, the Justice Department said yesterday.

The charges accuse the hacking suspects – Mansour Ahmadi, Ahmad Khatibi Aghda, and Amir Hossein Nikaeen Ravari – of targeting hundreds of entities in the U.S. and around the world.

The trio are accused of encrypting and stealing data from victim networks, and threatening to release it publicly or leave it encrypted unless exorbitant ransom payments were made. 

In some cases, such as that of the domestic violence shelter, the victims were forced to pay the ransom to recover their data.

Authorities said the hackers extorted money ‘largely’ for their own accounts, and not for the Iranian government.

But a separate US Treasury announcement of sanctions said the three were part of a larger hacking group tied to Iran’s powerful Islamic Revolutionary Guard Corps (IRGC), and the US State Department has offered a $10 million reward for information on them.

The alleged hackers face little chance of being arrested as they are believed to be living freely in Iran, though a Justice Department official said the charges would make it ‘functionally impossible’ for them to leave the country.

The charges accuse the hacking suspects – Mansour Ahmadi (L), Ahmad Khatibi Aghda (C), and Amir Hossein Nikaeen Ravari (R) – of targeting hundreds of entities in the U.S. and around the world

The alleged hacking took place from October 2020 through last month, when the indictment was issued under seal.

The case was filed in federal court in New Jersey, where a municipality and an accounting firm were among the victims. 

The three defendants are accused of exploiting known or publicly disclosed vulnerabilities in software applications to break into the victims’ computer networks.

Prosecutors say the defendants saw the victims as targets of opportunity.

They included a domestic violence shelter in Pennsylvania, which the indictment says was extorted out of $13,000 to recover its hacked data; electric utilities in Indiana and Mississippi; a county government in Wyoming; and a construction company in Washington state.

In a related action Wednesday, the Treasury Department’s Office of Foreign Assets Control sanctioned 10 individuals and two entities affiliated with Iran’s IRGC which it says have been involved in malicious cyber activities, including ransomware.

The Biden administration has tried to go after hackers who have held U.S. targets essentially hostage, often while sheltered or tacitly approved by adversary governments.

The threat gained particular prominence in May 2021 when a Russia-based hacker group was accused of conducting a ransomware attack on Georgia-based Colonial Pipeline, which disrupted gas supplies along the East Coast.

Iran-based hackers have also been a focus over the last year, with the FBI thwarting a planned cyberattack on a children’s hospital in Boston that was to have been carried out by hackers sponsored by the Iranian government.

‘The cyber threat facing our nation is growing more dangerous and complex every day,’ FBI Director Christopher Wray said in a statement accompanying the indictment unsealed Wednesday. 

‘Today’s announcement makes clear the threat is both local and global. It’s one we can’t ignore and it’s one we can’t fight on our own, either.’

FBI Director Christopher Wray yesterday said U.S. defence and intelligence agencies ‘cannot afford to ignore’ the threat presented by bad actors and hackers

US Treasury (pictured) announced sanctions against the hackers and said the three were part of a larger hacking group tied to Iran’s powerful Islamic Revolutionary Guard Corps (IRGC)

A Treasury Department official said the activity, even if not directed by the Iranian government, exists because the regime permits hackers to largely operate with impunity.

John Hultquist, vice president for threat intelligence at the cybersecurity firm Mandiant, said his team has been tracking the Iranian actors for some time and assessed they are contractors for the Revolutionary Guard who have been moonlighting as criminal hackers. 

He said they are especially dangerous because ‘any access they gain could be served up for espionage or disruptive purposes.’

The actions come amid an apparent stalemate in talks between the U.S. and Iran over the possible revival of a 2015 nuclear deal. 

Israel and some U.S. lawmakers of both parties are pushing the Biden administration to get tougher on Iran, calling the negotiations on Iran’s nuclear program a failure.
