DOJ Charges 3 Iranian Nationals for Cyberattacks Targeting Local US Governments

DOJ Charges 3 Iranian Nationals for Cyberattacks Targeting Local US Governments
Attorney General Merrick Garland makes remarks at a press conference at the Department of Justice in Washington on Aug. 5, 2021. (Kevin Dietsch/Getty Images)
Jack Phillips

The Department of Justice (DOJ) on Wednesday charged three Iranian nationals for alleged cyber attacks targeting U.S. infrastructure and local governments.

An indictment (pdf) that was unsealed in a federal court alleged that Mansour Ahmadi, Ahmad Khatibi Aghda, and Amir Hossein Nickaein Ravari engaged in a series of ransomware schemes starting in October 2020 to hack computer systems across the United States, Israel, Russia, the United Kingdom, Iran, and elsewhere.
"The Government of Iran has created a safe haven where cyber criminals acting for personal gain flourish and defendants like these are able to hack and extort victims, including critical infrastructure providers,” Assistant Attorney General Matthew G. Olsen said in a statement, claiming that the Iranian regime has failed "to follow international norms and stop Iranian cyber criminals" targeting individuals even within Iran.

Within the United States, the three targeted a broad range of organizations such as businesses, government agencies, nonprofits, religious groups, and educational entities, the DOJ said. Healthcare centers, transportation services, and utility companies were also targeted.

Officials said the hackers were thwarted before they could do actual damage to critical infrastructure. Some victims, however, paid ransom to the individuals to regain access to their computer systems, the DOJ said.

The three alleged hackers broke into the networks of a New Jersey local government, a Mississippi power company, an Indiana utility, a domestic violence shelter in Pennsylvania, and others, according to the court document.

According to the indictment, the Iranians in March of this year allegedly demanded $50,000 in cryptocurrency from a New Jersey accounting company after breaching its computer system. Khatibi then allegedly emailed a representative of the company, asking: "Are you ready to pay?"

And in another one, he alleged that he locked "more than 20 systems" and demanded: "If you don't want to pay, I can sell your data on the black market. This choice is yours."

DOJ officials said the three men are believed to still reside in Iran. The United States and Iran haven't resumed official diplomatic relations since the revolution that installed the current regime in Tehran four decades ago, meaning that it's unlikely the three suspects will ever be extradited to the United States to be tried in an American court.

“These three individuals are among a group of cybercriminals whose attacks represent a direct assault on the critical infrastructure and public services we all depend on,” FBI Director Christopher Wray said in a statement.

The suspects targeted "known vulnerabilities" within victims' systems before encrypting and stealing data from the networks. They then would threaten to release the stolen data if they weren't paid a ransom.

Jack Phillips is a senior reporter for The Epoch Times based in New York. He covers breaking news.
Related Topics