US charges 3 Iranians for hacking and extortion scheme against range of US organizations

Washington CNN —

Three Iranian nationals carried out a scheme to hack hundreds of organizations in the US and around the world, in some cases extorting them for personal monetary gain, the Justice Department alleged in an indictment unsealed on Wednesday.

The alleged victim organizations ranged from a domestic violence shelter in Pennsylvania to a power company in Mississippi and a municipality in Union County, New Jersey, according to charges brought in a federal court in New Jersey.

The indictment does not accuse the Iranians of carrying out those particular hacks on behalf of the Iranian government. However, in sanctioning the three Iranian men on Wednesday, the Treasury Department accused them of working for IT firms that are affiliated with the Iranian Revolutionary Guard Corps (IRGC).

In some cases, the Iranian hackers demanded hundreds of thousands of dollars in ransom payments to unlock computers, a senior Justice Department official told reporters Wednesday.

Iran’s Permanent Mission to the United Nations did not immediately respond to a request for comment on the Justice Department allegations.

For US officials, it’s the latest example of Iran tolerating or conducting reckless behavior in cyberspace that has cost US businesses, government agencies, and NATO allies alike. In a test for the Biden administration’s ability to help defend a NATO ally from hacking, the Albanian government has twice since July accused Iran of conducting hacks that have knocked Albanian government services offline.

The White House condemned Tehran for the initial hack in July and said US officials have been on the ground in Albania helping with the recovery. Iran denied the allegations.

The newly indicted Iranians – Mansour Ahmadi, Ahmad Khatib Aghda and Amir Hossein Nickaein Ravari – are believed to reside in Iran, according to the senior Justice Department official. The chances of the three Iranians being taken into US custody are slim unless they travel to a country with which the US has an extradition agreement.

“These three individuals are among a group of cybercriminals whose attacks represent a direct assault on the critical infrastructure and public services we all depend on,” FBI Director Christopher Wray said in a video statement Wednesday.

As part of the Wednesday crackdown on alleged Iranian hacking, the Treasury Department sanctioned Ahmadi, Aghda and Ravari as well as seven other Iranians, and accused them of working for Iranian IT firms affiliated with the Islamic Revolutionary Guard Corps. The State Department offered as much as a $10 million reward for information on Ahmadi, Aghda and Ravari.

The Treasury announcement accused the Iranian hackers of conducting a slew of ransomware attacks, including one on Boston Children’s Hospital in June 2021. FBI officials say they were able to thwart the hackers and no damage was done to patient care.

Wray has called the incident “one of the most despicable cyberattacks I’ve ever seen.” Tehran denied involvement in the incident.

To try to blunt the impact of future IRGC-linked hacks, the US and allies such as Canada and the United Kingdom on Wednesday released an advisory on defending against the hackers’ tactics and techniques.

The Justice Department charges highlight the often blurred lines between the government and cybercriminal actors in countries such as Iran, according to some analysts.

“Recent announcements from US government agencies reinforce our understanding of the ecosystem of cyber operations in Iran, which is heavily reliant on third-party contractors for both the IRGC and the Ministry of Intelligence and Security,” said Saher Naumaan, principal threat intelligence analyst at BAE Systems, who tracks alleged Iranian hackers closely. “The companies are often front companies for the intelligence agencies, where the individuals are directly involved in operations or they can be on the periphery in support roles such as training academies.”

This story has been updated with additional developments and context.