US Justice Department Charges Three Iranian Citizens for Major Hacking Campaigns

Earlier this year, several major ransomware attacks targeted power supply companies, regional utilities, private businesses, and even non-profit organizations in the U.S. On Wednesday, the U.S. Department of Justice announced it had charged three Iranian citizens for participating in or conducting the massive hacking attacks, in which data was encrypted or stolen from the victims’ networks. The attackers tried to extort hundreds of thousands of dollars from their victims in exchange for decrypting the compromised data or not releasing it to the public. Some of the victims actually paid the requested amounts, according to officials.

The alleged hacking attacks took place between October 2020 and last month. The three defendants are identified as Mansour Ahmadi, Amir Hossein Nickaein Ravari, and Ahmad Khatibi Aghda. They are accused of exploiting known or publicly disclosed vulnerabilities to break into the targeted networks. The case was filed in New Jersey, as a municipality and an accounting firm based there were among the victims.

Authorities Primed To Crack Down On Cybercrooks

The authorities have been investigating the hacking attacks for quite a while now. Yet the cyber threats have been treated as particularly severe since May this year, when a Russia-based hacking group was suspected of a ransomware attack against Colonial Pipeline that disrupted gas supplies in large parts of the country. Iranian hackers came onto the radar when the FBI managed to prevent a cyberattack targeting a children’s hospital in Boston, planned by hackers supported by the Iranian government.

According to FBI officials, the three Iranian hackers named this week have not been sponsored by the state and have instead acted on their own behalf, motivated by financial gain. Yet even if not directed by the Iranian government, such malicious activities are possible because of regime neglect that lets cybercriminals operate freely and without prosecution, U.S. officials said. Some of the suspects’ targets are based in Iran, while the three accused hackers are still in the country and face little chance of being arrested. According to Justice Department officials, though, the pending charges make it “functionally impossible” for them to leave Iran.

In a related action, the Treasury Department’s Office of Foreign Assets Control on Wednesday sanctioned ten individuals and two entities affiliated with Iran’s Islamic Revolutionary Guard Corps. These are alleged to have been involved in cybercrimes, including ransomware. The Treasury Department also identified the three Iranian defendants as employees of Iranian technology firms affiliated with the Revolutionary Guard.

These events take place against the background of deadlocked talks between the U.S. and Iran over a potential revival of the 2015 nuclear deal. Recently, both U.S. lawmakers and Israel have pressured the Biden administration to pursue the negotiations more decisively, as the talks have so far often been called a failure.