Three Iranians charged in US cyber attacks case

Officials say the men's actions affected people in the US, the UK and Israel

The US Justice Department has charged three Iranians suspected of staging ransomware attacks. Reuters

The US Justice Department has said three Iranian citizens have been charged with staging ransomware attacks that affected power companies, local governments, small businesses and non-profit organisations, including a domestic violence shelter.

The men are accused of attacking hundreds of entities in the US and around the world, encrypting and stealing data from networks and threatening to release it publicly or leave it encrypted unless exorbitant ransom payments were made.

In some cases, the victims made those payments, the department said.

The case was filed in federal court in New Jersey, where a municipality and an accounting firm were among the victims.

The alleged hackers, Mansour Ahmadi, Ahmad Khatibi Aghda and Amir Hossein Nickaein Ravari, all Iranian citizens, reportedly committed their crimes from inside their home country.

The hackers are not believed to have been working on the Iranian government's behalf, but for their own financial gain, a Justice Department official told reporters on the condition of anonymity. The official said that some of the victims were in Iran.

The official said the pending charges made it “functionally impossible” for the hackers to leave Iran.

US Justice authorities announced an indictment against three Iranians who allegedly used ransomware to extort a battered women's shelter and a power company. AFP

“As of now, each of them are fugitives. By charging them in this indictment, by publicly naming them, we are stripping their anonymity away,” US Attorney for the District of New Jersey, Philip R Sellinger, told reporters.

“They cannot operate anonymously from the shadows any more. We have put a spotlight on them as wanted criminals.”

Meanwhile, the US Treasury imposed new sanctions on Iranian individuals and entities linked to the Islamic Revolutionary Guard Corps for what it called “malicious” cyber activity.

Ten Iranians and two entities were sanctioned by the US Treasury's Office of Foreign Assets Control, the department said.

Washington accuses the IRGC of conducting a global terrorism campaign by funding and arming proxy forces around the world.

The Treasury said an IRGC-linked group is known to have exploited software vulnerabilities to conduct ransomware activities. The department accused the group of carrying out campaigns against people in the US and Middle East as well as private entities.

The group comprises employees and affiliates of Najee Technology Hooshmand Fater LLC and Afkar System Yazd Company.

“Ransomware actors and other cyber criminals, regardless of their national origin or base of operations, have targeted businesses and critical infrastructure across the board — directly threatening the physical security and economy of the United States and other nations,” said Brian Nelson, Treasury under secretary for terrorism and financial intelligence.

Agencies contributed to this report

Updated: September 15, 2022, 2:31 PM