The Justice Department unsealed an indictment against three Iranian nationals on Wednesday, accusing them of participating in a plot to hack hundreds of organizations in the US and around the world, in some cases extorting them for personal financial gain.
According to allegations filed in a New Jersey federal court, the accused victim groups span the country from a domestic violence shelter in Pennsylvania to a power company in Mississippi to a town in Union County, New Jersey.
It is not claimed in the indictment that the Iranians were behind those specific hacks on behalf of the Iranian government. The three Iranian individuals were sanctioned by the Treasury Department on Wednesday on allegations that they worked for IT firms with ties to the Iranian Revolutionary Guard Corps (IRGC).
A senior Justice Department official told reporters on Wednesday that Iranian hackers have sought hundreds of thousands of dollars in ransom payments in order to unlock computers.
A request for comment on the Justice Department’s claims was not immediately met by Iran’s Permanent Mission to the United Nations.
As far as US authorities are concerned, this is only the most recent instance of Iran either engaging in or permitting risky action in cyberspace, with disastrous consequences for American commercial interests, government operations, and NATO partners. The Albanian government has twice since July accused Iran of perpetrating hacks that have taken Albanian government services offline, testing the Biden administration’s ability to assist defend a NATO partner against hacking.
The White House said that American officials are currently in Albania aiding in the recovery efforts and that they had chastised Tehran for the original hack in July. Iran has strongly refuted the accusations.
The senior Justice Department official said the freshly indicted Iranians, Mansour Ahmadi, Ahmad Khatib Aghda, and Amir Hossein Nickaein Ravari, are now located in Iran. Unless the three Iranians travel to a country with whom the United States has an extradition agreement, the likelihood of them being taken into US custody is low.
FBI Director Christopher Wray said in a video statement on Wednesday that these three suspects were part of a larger group of cybercriminals whose attacks were a “direct assault” on the key infrastructure and public services on which the public relies.
On Wednesday, the Treasury Department sanctioned seven Iranians, including Ahmadi, Aghda, and Ravari, on the grounds that they worked for Iranian IT firms with ties to the Islamic Revolutionary Guard Corps, which is being blamed for a spate of recent hacking incidents. Up to $10 million was being given by the State Department for information leading to the capture of Ahmadi, Aghda, and Ravari.
At least one ransomware attack, on Boston Children’s Hospital in June 2021, was blamed on Iranian hackers in a Treasury Department statement. Officials from the FBI have stated that they were successful in foiling the hackers and that no harm was done to patient care as a result.
Wray termed it “one of the most horrific cyberattacks I’ve ever seen,” while Tehran denied any involvement.
On Wednesday, the United States and its allies, including Canada and the United Kingdom, released an advise on how to protect against the methods used by the IRGC hackers.
Some commentators have pointed out that the accusations brought by the Justice Department show how the lines between the government and cybercriminal actors are often blurred in nations like Iran.
The principal threat intelligence analyst at BAE Systems, Saher Naumaan, who keeps a close eye on alleged Iranian hackers, commented on recent announcements from US government agencies that “reinforce our understanding of the ecosystem of cyber operations in Iran,” which is heavily reliant on third-party contractors for both the IRGC and the Ministry of Intelligence and Security. When it comes to intelligence agencies, “the companies are typically front companies where the individuals are directly involved in activities or can be on the perimeter in support positions, such as training academies.”
