Three Iranian Citizens Indicted in Widespread Hacking Campaign in US | Government & Politics

The indictment says the alleged hackers targeted hundreds of entities in the U.S. and around the world, encrypted and stolen data from victims’ networks, and made the data public unless an exorbitant ransom was paid. or threatening to keep it encrypted. In some cases, the victims made the payments, the ministry said.

The Biden administration tried to track down hackers They essentially hold US targets hostage, often sanctioned or protected by adversaries.The threat was discovered by a Russian-based hacker group in May 2021. accused of going A ransomware attack on the Georgia-based Colonial Pipeline disrupted gas supplies along the East Coast.

Iran-based hackers were also in the spotlight last year. FBI thwarts plot to attack Boston Children’s Hospital It was supposed to have been carried out by Iranian government-backed hackers.

FBI Director Christopher Wray said in a statement accompanying the sealed indictment on Wednesday, “The cyber threats facing our nation are becoming more dangerous and complex by the day.” is both local and global, something we cannot ignore and something we cannot fight alone.

The hackers named in Wednesday’s indictment are believed not to have worked for the Iranian government but for their own financial gain, a senior Justice Department official briefed reporters on the incident. Some of the victims were in Iran, according to the agency, on terms of anonymity based on basic rules set by the department.

But officials said the activity exists because the regime allows the majority of hackers to operate with impunity, even if it wasn’t directed by the Iranian government.

In a related action Wednesday, the Treasury Department’s Office of Foreign Assets Control sanctioned 10 individuals and two organizations affiliated with Iran’s Islamic Revolutionary Guard Corps for engaging in malicious cyber activities, including ransomware. Did. The Treasury Department has identified three defendants in the Justice Department lawsuit as employees of technology companies affiliated with the Revolutionary Guard.

John Hultquist, vice president of threat intelligence at cybersecurity firm Mandiant, said his team has been tracking Iranian attackers for some time and is a contractor for the Revolutionary Guards Corps who has a side job as a criminal hacker. said it had determined that He said they were particularly dangerous.

the action is obvious stalemate At talks between the United States and Iran over a possible revival of the 2015 nuclear deal. Israel and some U.S. lawmakers from both parties boost the Biden administration He calls the negotiations on Iran’s nuclear program a failure, and strengthens his hardline stance on Iran.

The three accused hackers are believed to be in Iran and have not been arrested, but Justice Department officials said pending indictments made it “functionally impossible for them to leave the country.” ” said.

The lawsuit was filed in federal court in New Jersey and included a municipality and an accounting firm among its victims.

The alleged hack took place between October 2020 and last month when the indictment was sealed. His three defendants, Mansour Ahmadi, Ahmad Khatibi Aghda, and Amir Hossein Nickaein Ravari, are accused of exploiting known or disclosed vulnerabilities in software applications to infiltrate victims’ computer networks.

Prosecutors say the victim was seen as a target of opportunity for the defendant.

According to the indictment, $13,000 was extorted to restore the hacked data. Power companies in Indiana and Mississippi. Wyoming county government. A construction company in Washington state.

Associated Press writers Fatima Hussain and Ellen Nickmayer of Washington and Frank Bajak of Boston contributed to this report.

Follow Eric Tucker on Twitter. http://www.twitter.com/etuckerAP.