Tag Archive for: Iranian

Three Iranian Nationals Charged with Engaging in Computer Intrusions and Ransomware-Style Extortion Against U.S. Critical Infrastructure


An indictment was unsealed today charging three Iranian nationals with allegedly orchestrating a scheme to hack into the computer networks of multiple U.S. victims.

As alleged in the indictment, from October 2020 through the present, Mansour Ahmadi, aka Mansur Ahmadi, 34; Ahmad Khatibi Aghda, aka Ahmad Khatibi, 45; and Amir Hossein Nickaein Ravari, aka Amir Hossein Nikaeen, aka Amir Hossein Nickaein, aka Amir Nikayin, 30, engaged in a scheme to gain unauthorized access to the computer systems of hundreds of victims in the United States, the United Kingdom, Israel, Iran, and elsewhere, causing damage and losses to the victims.

“The Government of Iran has created a safe haven where cyber criminals acting for personal gain flourish and defendants like these are able to hack and extort victims, including critical infrastructure providers,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division. “This indictment makes clear that even other Iranians are less safe because their own government fails to follow international norms and stop Iranian cyber criminals.”

The defendants’ hacking campaign exploited known vulnerabilities in commonly used network devices and software applications to gain access and exfiltrate data and information from victims’ computer systems. Ahmadi, Khatibi, Nickaein and others also conducted encryption attacks against victims’ computer systems, denying victims access to their systems and data unless a ransom payment was made.

The defendants victimized a broad range of organizations, including small businesses, government agencies, nonprofit programs and educational and religious institutions. Their victims also included multiple critical infrastructure sectors, including health care centers, transportation services and utility providers.

“Ransom-related cyberattacks — like what happened here — are a particularly destructive form of cybercrime,” said U.S. Attorney Philip R. Sellinger for the District of New Jersey. “No form of cyberattack is acceptable, but ransomware attacks that target critical infrastructure services, such as health care facilities and government agencies, are a threat to…


Iranian nationals charged in alleged ransomware conspiracy | WKHM-AM



(NEWARK, N.J.) — Three Iranian nationals attempted to hack into hundreds of computers in the U.S. and around the world, demanding, and sometimes getting, a ransom, according to an indictment unsealed Wednesday.

The four-count grand jury indictment returned in Newark federal court charged the trio with hacking conspiracy, two counts of computer hacking and a count of computer extortion over an alleged ransomware conspiracy that targeted a range of organizations and critical infrastructure sectors such as healthcare centers, power companies and transportation services inside the U.S. and abroad.

Mansour Ahmadi, Ahmad Aghda, and Amir Ravari hacked into hundreds of computers inside the U.S. and around the world, often by exploiting known vulnerabilities in network devices or software programs, the indictment said.

Once they gained access to an organization or company’s software, they would use a program known as BitLocker to encrypt data on their victims’ systems and demand a ransom either by threatening to release stolen data or keeping the data encrypted unless they were paid — at times making demands for hundreds of thousands of dollars, according to the court filing.

The three men would often send their demands to office printers. Prosecutors detailed some of the correspondence they had with their victims. Some of those targeted include a domestic violence center, which Khatibi is alleged to have extorted $13,000 from, a housing authority, which he demanded $500,000 ransom from, and the computer systems of a U.S. township and county, the indictment said.

The indictment did not allege involvement by the government of Iran. Instead, the three demanded the money be paid to themselves, it said, although a U.S. official told reporters the Iranian government’s lax laws could share the blame for failing to go after actors who engage in this type of alleged conspiracy. The official said all three men are still believed to be within Iran and have not been arrested, and acknowledged it’s unlikely any will see the inside of a U.S. courtroom.

Accompanying the announcement of the indictment, the FBI will release a new joint cybersecurity bulletin…


Iranian Cyberspy Caught on Zoom Trying to Hack U.S. Target



Last month, a U.S. academic logged into a Zoom meeting with “Samuel Valable.” The academic had heard from “Valable” via a LinkedIn account, suggesting the two meet. When the academic logged on, the figure on the other end came through in grainy stills, blaming a bad internet connection for his lack of live footage. Midway through the conversation, he dropped what appeared to be a Google Books link into the Zoom chat. “This is the book that I use as my main material. It’s down here. I sent it in the little chat box,” says “Valable” in the video as a web link with the name “googlebook” appears in the Zoom chat window.

The academic became suspicious, and thanks to some quick thinking — and with the help of a group of cybersecurity researchers — they’ve captured the first-known public live-action recording of an Iranian cyber-spy at work.


The real Samuel Valable, a French biologist, was nowhere near the Zoom call. Instead, the academic was Zooming with a member of “Charming Kitten,” a cybersecurity industry nickname for a group of hackers affiliated with Iran’s Islamic Revolutionary Guard Corps intelligence organization. And the “Google Book” link was actually a phishing link designed to trick users into “signing in” to a real-looking Google Accounts page and steal their password.

The U.S. academic — who shared the story on the condition of anonymity — wasn’t fooled. Instead, they recorded the call and sent it to the Computer Emergency Response Team in Farsi (CERTFA), a cybersecurity research group that tracks Iranian hackers. The fake links used by the hackers pointed to infrastructure previously used by and attributed to Charming Kitten.   

Live-action role playing by a trained, English-speaking impersonator over Zoom represents the next phase of an evolving Iranian hacking campaign. The “Distinguished Impersonator” tactic — first identified by CERTFA — moves past traditional tricks like phishing emails and instead presents targets with a more reassuring lure—a talking, seemingly authentic representation of a trusted public…


House cleaner sentenced to 3 years for snooping on Gantz for Iranian hackers


A former cleaner at Defense Minister Benny Gantz’s private residence who was charged with spying for Iranian hackers late last year will serve three years in prison as part of a plea deal reached with the prosecution, the Rishon Lezion District Court ruled Tuesday.

Lod resident Omri Goren, 38, was found guilty of attempting to pass on information to an enemy entity. Under the plea deal, the espionage charges that were originally included in the indictment were dropped.

“[Goren] is not a spy and this isn’t a spying scandal,” said attorneys Gal Wolf and Anat Yaari, Goren’s representatives from the public defender’s office, after his sentencing.

“This is about a man who found himself entangled in debt and identified a security breach,” they added.

Goren largely admitted to the allegations against him throughout the investigation but repeatedly denied that he knowingly offered to help Iran.

“Who says it was the Iranians? It was hackers on Telegram,” Goren told reporters while appearing in court via video link in December.

However, his interrogation suggested that he was well aware of the hackers’ Iranian affiliation, saying he had planned to trick them by collecting their money without providing them with anything.

“If they would have waited a few days before arresting me they’d see that I’m not a spy. I wanted to trick the Iranians and take their money without sending them any photo or documents,” Goren said during his interrogation, according to Channel 12.

Illustrative: Defense Minister Benny Gantz and his wife Revital pose for photos at their home in Rosh Haayin, Israel, September 13, 2019. (AP Photo/Oded Balilty)

Goren was arrested in November last year. According to the indictment, he had contacted hackers from the Iranian-affiliated group Black Shadow on Telegram and offered to provide them with information about Gantz in exchange for money.

He also reportedly offered to plant a bug on Gantz’s computer in exchange for…
