Three Iranian Nationals Charged with Engaging in Computer Intrusions and Ransomware-Style Extortion Against U.S. Critical Infrastructure

/in


An indictment was unsealed today charging three Iranian nationals with allegedly orchestrating a scheme to hack into the computer networks of multiple U.S. victims.

As alleged in the indictment, from October 2020 through the present, Mansour Ahmadi, aka Mansur Ahmadi, 34; Ahmad Khatibi Aghda, aka Ahmad Khatibi, 45; and Amir Hossein Nickaein Ravari, aka Amir Hossein Nikaeen, aka Amir Hossein Nickaein, aka Amir Nikayin, 30, engaged in a scheme to gain unauthorized access to the computer systems of hundreds of victims in the United States, the United Kingdom, Israel, Iran, and elsewhere, causing damage and losses to the victims.

“The Government of Iran has created a safe haven where cyber criminals acting for personal gain flourish and defendants like these are able to hack and extort victims, including critical infrastructure providers,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division. “This indictment makes clear that even other Iranians are less safe because their own government fails to follow international norms and stop Iranian cyber criminals.”

The defendants’ hacking campaign exploited known vulnerabilities in commonly used network devices and software applications to gain access and exfiltrate data and information from victims’ computer systems. Ahmadi, Khatibi, Nickaein and others also conducted encryption attacks against victims’ computer systems, denying victims access to their systems and data unless a ransom payment was made.

The defendants victimized a broad range of organizations, including small businesses, government agencies, nonprofit programs and educational and religious institutions. Their victims also included multiple critical infrastructure sectors, including health care centers, transportation services and utility providers.

“Ransom-related cyberattacks — like what happened here — are a particularly destructive form of cybercrime,” said U.S. Attorney Philip R. Sellinger for the District of New Jersey. “No form of cyberattack is acceptable, but ransomware attacks that target critical infrastructure services, such as health care facilities and government agencies, are a threat to…

Source…