Tag Archive for: nationals

Three Iranian nationals charged with hacking New Jersey targets


The U.S. Department of Justice unsealed an indictment Sept. 14 charging three Iranian nationals with allegedly running a massive, global ransomware operation that hacked into the computer networks of multiple U.S. victims, including several in the Garden State.

The indictment charges Mansour Ahmadi, Ahmad Khatibi Aghda and Amir Hossein Nickaein Ravari with engaging in the scheme. The three, who are residents of Iran, are each charged with one count of conspiring to commit computer fraud and related activity, one count of intentionally damaging a protected computer, and one count of transmitting a demand in relation to damaging a protected computer.

“The Government of Iran has created a safe haven where cyber criminals acting for personal gain flourish and defendants like these are able to hack and extort victims, including critical infrastructure providers,” said Assistant Attorney General Matthew Olsen of the Justice Department’s National Security Division. “This indictment makes clear that even other Iranians are less safe because their own government fails to follow international norms and stop Iranian cyber criminals.”

The hacking allegedly exploited vulnerabilities in software and networks to gain access and exfiltrate data and information from victims’ computer systems. The indictment also accuses the trio of denying victims access to their systems and data unless a ransom payment was made.

The three men are accused of victimizing a broad range of organizations, including small businesses, government agencies, nonprofit programs and institutions, as well as critical infrastructure sectors such as health care centers, transportation services and utility providers.

Here in New Jersey, according to court documents, the defendants targeted a township in Union County in February 2021, gaining control of and access to the township’s network and data and using a hacking tool to establish persistent remote access to a particular domain that was registered to one of the men.

They are also accused of targeting a Morris County-based accounting firm in or before February 2022, using a hacking tool to establish a connection to a server registered to one of…

Three Iranian Nationals Charged with Engaging in Computer Intrusions and Ransomware-Style Extortion Against U.S. Critical Infrastructure


An indictment was unsealed today charging three Iranian nationals with allegedly orchestrating a scheme to hack into the computer networks of multiple U.S. victims.

As alleged in the indictment, from October 2020 through the present, Mansour Ahmadi, aka Mansur Ahmadi, 34; Ahmad Khatibi Aghda, aka Ahmad Khatibi, 45; and Amir Hossein Nickaein Ravari, aka Amir Hossein Nikaeen, aka Amir Hossein Nickaein, aka Amir Nikayin, 30, engaged in a scheme to gain unauthorized access to the computer systems of hundreds of victims in the United States, the United Kingdom, Israel, Iran, and elsewhere, causing damage and losses to the victims.

“The Government of Iran has created a safe haven where cyber criminals acting for personal gain flourish and defendants like these are able to hack and extort victims, including critical infrastructure providers,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division. “This indictment makes clear that even other Iranians are less safe because their own government fails to follow international norms and stop Iranian cyber criminals.”

The defendants’ hacking campaign exploited known vulnerabilities in commonly used network devices and software applications to gain access and exfiltrate data and information from victims’ computer systems. Ahmadi, Khatibi, Nickaein and others also conducted encryption attacks against victims’ computer systems, denying victims access to their systems and data unless a ransom payment was made.

The defendants victimized a broad range of organizations, including small businesses, government agencies, nonprofit programs and educational and religious institutions. Their victims also included multiple critical infrastructure sectors, including health care centers, transportation services and utility providers.

“Ransom-related cyberattacks — like what happened here — are a particularly destructive form of cybercrime,” said U.S. Attorney Philip R. Sellinger for the District of New Jersey. “No form of cyberattack is acceptable, but ransomware attacks that target critical infrastructure services, such as health care facilities and government agencies, are a threat to…

Iranian nationals charged in alleged ransomware conspiracy | WKHM-AM


(NEWARK, N.J.) — Three Iranian nationals attempted to hack into hundreds of computers in the U.S. and around the world, demanding, and sometimes getting, a ransom, according to an indictment unsealed Wednesday.

The four-count grand jury indictment returned in Newark federal court charged the trio with hacking conspiracy, two counts of computer hacking and a count of computer extortion over an alleged ransomware conspiracy that targeted a range of organizations and critical infrastructure sectors such as healthcare centers, power companies and transportation services inside the U.S. and abroad.

Mansour Ahmadi, Ahmad Aghda, and Amir Ravari hacked into hundreds of computers inside the U.S. and around the world by often exploiting known vulnerabilities in network devices or software programs, the indictment said.

Once they gained access to an organization or company’s software, they would use a program known as BitLocker to encrypt data on their victims’ systems and demand a ransom either by threatening to release stolen data or keeping the data encrypted unless they were paid — at times making demands for hundreds of thousands of dollars, according to the court filing.

The three men would often send their demands to office printers. Prosecutors detailed some of the correspondence they had with their victims. Those targeted include a domestic violence center, from which Khatibi is alleged to have extorted $13,000; a housing authority, from which he demanded a $500,000 ransom; and the computer systems of a U.S. township and county, the indictment said.

The indictment did not allege involvement by the government of Iran. Instead, the three demanded the money be paid to themselves, it said, although a U.S. official told reporters the Iranian government’s lax laws could share the blame for failing to go after actors who engage in this type of alleged conspiracy. The official said all three men are still believed to be within Iran and have not been arrested, and acknowledged it’s unlikely any will see the inside of a U.S. courtroom.

Accompanying the announcement of the indictment, the FBI will release a new joint cybersecurity bulletin…

U.S. Law Enforcement Charges Russian Nationals In Global Energy Hacking Scheme


The Department of Justice unsealed charges brought against four Russian nationals who are accused of working for the Russian government while simultaneously attempting to hack into the online infrastructure of the global energy sector.

In two indictments, the defendants are accused of hacking thousands of computers across hundreds of companies and firms in the energy industry in 135 countries.

“Russian state-sponsored hackers pose a serious and persistent threat to critical infrastructure both in the United States and around the world,” said Deputy Attorney General Lisa O. Monaco. “Although the criminal charges unsealed today reflect past activity, they make crystal clear the urgent ongoing need for American businesses to harden their defenses and remain vigilant.”

The prosecutors allege that three officers of Russia’s Federal Security Service and other co-conspirators targeted software systems in the global energy sector to give the Russian government the ability to compromise the overall industry.

One indictment accuses Pavel Aleksandrovich Akulov, 36, Mikhail Mikhailovich Gavrilov, 42, and Marat Valeryevich Tyukov, 39, of engaging in a two-part hacking attempt to further the Russian state agenda, targeting international oil and gas companies between 2012 and 2017. They allegedly targeted hardware and software devices that control power generation equipment.

The hacking infected legitimate software updates with malware to provide a “backdoor” entrance for hackers to access infected networks. 

The second phase involved targeting individuals and engineers with spearphishing attacks—some of which were successful—and infecting sites commonly visited by energy sector engineers with malware.

The defendants are charged with conspiracy to cause damage to the property of an energy facility and commit computer fraud and abuse, and conspiracy to commit wire fraud. Akulov and Gavrilov are also charged with multiple counts of wire fraud and illegally obtaining information stored on computer networks. Akulov and Gavrilov also face three counts of aggravated identity theft.

In the second indictment, Evgeny Viktorovich Gladkikh, 36, is accused of…
