AP

3 Iranian citizens charged in broad hacking campaign in US

Sep 14, 2022, 8:40 AM | Updated: Sep 19, 2022, 1:55 pm

WASHINGTON (AP) — The Justice Department said Wednesday that three Iranian citizens have been charged in the United States with ransomware attacks that targeted power companies, local governments and small businesses and nonprofits, including a domestic violence shelter.

The charges accuse the hacking suspects of targeting hundreds of entities in the U.S. and around the world, encrypting and stealing data from victim networks, and threatening to release it publicly or leave it encrypted unless exorbitant ransom payments were made. In some cases, the victims made those payments, the department said.

The Biden administration has tried to go after hackers who have held U.S. targets essentially hostage, often sanctioned or sheltered by adversaries. The threat gained particular prominence in May 2021 when a Russia-based hacker group was accused of conducting a ransomware attack on Georgia-based Colonial Pipeline, which disrupted gas supplies along the East Coast.

Iran-based hackers have also been a focus over the last year, with the FBI thwarting a planned cyberattack on a children’s hospital in Boston that was to have been carried out by hackers sponsored by the Iranian government.

“The cyber threat facing our nation is growing more dangerous and complex every day,” FBI Director Christopher Wray said in a statement accompanying the indictment unsealed Wednesday. “Today’s announcement makes clear the threat is both local and global. It’s one we can’t ignore and it’s one we can’t fight on our own, either.”

The hackers named in Wednesday’s indictment are not believed to have been working on behalf of the Iranian government but instead for their own financial gain, and some of the victims were even in Iran, according to a senior Justice Department official who briefed reporters on the case on the condition of anonymity under ground rules set by the department.

But the official said the activity, even if not directed by the Iranian government, exists because the regime permits hackers to largely operate with impunity.

In a related action Wednesday, the Treasury Department’s Office of Foreign Assets Control sanctioned 10 individuals and two entities affiliated with Iran’s Islamic Revolutionary Guard Corps who it says have been involved in malicious cyber activities, including ransomware. The Treasury Department identified the three defendants in the Justice Department case as employees of technology firms it says are affiliated with the Revolutionary Guard.

John Hultquist, vice president for threat intelligence at the cybersecurity firm Mandiant, said his team has been tracking the Iranian actors for some time and assessed they are contractors for the Revolutionary Guard who have been moonlighting as criminal hackers. He said they are especially dangerous because “any access they gain could be served up for espionage or disruptive purposes.”

The actions come amid an apparent stalemate in talks between the U.S. and Iran over the possible revival of a 2015 nuclear deal. Israel and some U.S. lawmakers of both parties are pushing the Biden administration to get tougher on Iran, calling the negotiations on Iran’s nuclear program a failure.

The three accused hackers are thought to be in Iran and have not been arrested, but the Justice Department official said the pending charges make it “functionally impossible” for them to leave the country.

The case was filed in federal court in New Jersey, where a municipality and an accounting firm were among the victims.

The alleged hacking took place between October 2020 and last month, when the indictment was issued under seal. The three defendants — identified as Mansour Ahmadi, Ahmad Khatibi Aghda and Amir Hossein Nickaein Ravari — are accused of exploiting known or publicly disclosed vulnerabilities in software applications to break into the victims’ computer networks.

Prosecutors say the victims were seen by the defendants as targets of opportunity.

They included a domestic violence shelter in Pennsylvania, which the indictment says was extorted out of $13,000 to recover its hacked data; electric utilities in Indiana and Mississippi; a county government in Wyoming; and a construction company in Washington state.

___

Associated Press writers Fatima Hussein and Ellen Knickmeyer in Washington and Frank Bajak in Boston contributed to this report.

___

Follow Eric Tucker on Twitter at http://www.twitter.com/etuckerAP.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
