According to the Justice Department, three Iranian citizens have been charged in the US with conducting ransomware attacks against power companies, local governments, small businesses, and charitable organizations, including a refuge for battered women.
The charges allege that the suspected hackers attacked hundreds of organizations in the United States and abroad, encrypted and stole data from victim networks, and threatened to make the data public or leave it encrypted unless huge ransom payments were made. The victims did make some of those payments, according to the department.
The Biden administration has made an effort to pursue hackers who have effectively held American targets captive, frequently with the approval or protection of enemies. When a Russian hacking gang was accused of attacking Georgia’s Colonial Pipeline with ransomware in May 2021, disrupting gas supply along the East Coast, the issue rose to prominence.
Iran-based hackers have also been a focus during the past year. The FBI prevented a planned cyberattack on a children’s hospital in Boston that was going to be carried out by hackers supported by the Iranian government.
In a statement that was released along with the indictment on Wednesday, FBI Director Christopher Wray stated that “the cyber threat facing our nation is growing more serious and complicated every day.” “Today’s announcement clearly shows that there is a local as well as a global threat. We can’t ignore it, and we can’t defeat it on our own either.”
A senior Justice Department official who briefed reporters on the case on the condition of anonymity in accordance with departmental ground rules said that the hackers named in Wednesday’s indictment are thought to have worked for their own financial gain rather than on behalf of the Iranian government, and some of the victims were even in Iran.
However, the official claimed that the activity is still able to take place because the Iranian state allows hackers to work mostly unchecked.
In a separate move on Wednesday, the Office of Foreign Assets Control of the Treasury Department imposed sanctions on 10 people and two organizations connected to the Iranian Islamic Revolutionary Guard Corps that it claims were engaged in destructive cyber activity, including ransomware. The three defendants in the Justice Department case were named by the Treasury Department as working for Revolutionary Guard-affiliated technology companies.
According to John Hultquist, vice president for threat intelligence at the cybersecurity company Mandiant, which has been following the Iranian actors for some time, they are Revolutionary Guard contractors who were moonlighting as criminal hackers. They are particularly dangerous, he claimed, since “any access they secure could be used for espionage or disruptive activities.”
The moves come while negotiations between the United States and Iran over the potential revival of a 2015 nuclear deal appear to be at a standstill. Israel and a few senators from both parties in the United States are urging the Biden administration to be more aggressive with Iran and labeling the nuclear talks a failure.
Although the three alleged hackers are believed to remain in Iran and are not in custody, a Justice Department official claimed that the ongoing legal proceedings make it “practically impossible” for them to leave the nation.
A town and an accounting firm were two of the victims in the federal court case in New Jersey.
The suspected hacking allegedly took place between October 2020 and last month, when the indictment was filed under seal. Mansour Ahmadi, Ahmad Khatibi Aghda, and Amir Hossein Nickaein Ravari, the three defendants, are charged with breaking into the victims’ computer networks using known or publicly disclosed vulnerabilities in software applications.
According to the prosecution, the defendants viewed the victims as targets of opportunity.
The victims included electric utilities in Indiana and Mississippi, a county government in Wyoming, a construction company in Washington state, and a domestic violence shelter in Pennsylvania, which the indictment alleges was coerced into paying $13,000 to restore its stolen data.