Business is booming.

U.S. Charges 3 Iranians in Broad Hacking Scheme

WASHINGTON — The Justice Department said on Wednesday it had indicted three Iranians in a wide-ranging hacking campaign around the world targeting local governments, public utilities and nonprofit institutions, including a domestic violence shelter and a children’s hospital.

According to an indictment opened in New Jersey, the men, who are still at large in Iran, hacked into the computers of hundreds of people in the United States, Israel, Russia and Britain. They demanded a ransom in Bitcoin after deploying malware to block access to networks or steal data and threatened to sell or disclose sensitive information if their victims failed to pay, Justice Department and FBI officials said Wednesday.

The State Department, which is offering a $10 million reward for information leading to their arrest, said the accused were working for technology companies linked to the Islamic Revolutionary Guard Corps, a powerful branch of Iran’s military.

The cyber attacks were not led by the Iranian government, which is in the midst of tense negotiations over its nuclear program, senior law enforcement officials told reporters. In fact, the men tried to extort ransom money from Iranian companies.

Nevertheless, Biden administration officials emphasized that Iran’s unwillingness to deal with cybercrime within its borders, especially ransomware attacks, along with its history of hacking foreign adversaries, made it easier for the men to operate with relative impunity.

“The government of Iran has created a safe haven where cybercriminals who act for personal gain thrive and defendants like this are able to hack and extort victims, including critical infrastructure providers,” said Matthew G. Olsen, the assistant attorney general in charge of the Justice Department’s National Security Division.

The men, Mansour Ahmadi, Ahmad Khatibi Aghda and Amir Hossein Nickaein Ravari, were charged with conspiracy to commit computer fraud and other cyber extortion charges. The scheme, which started in 2020, is believed to be continuing.

The men are still at large in Iran and are very unlikely to face trial in the United States. Officials said they hoped that exposing the group would help prevent future attacks. They also released an advisory detailing the vulnerabilities the hackers exploited, including flaws in Microsoft Exchange email server software.

In a joint action with several U.S. agencies, the State Department announced sanctions against 10 Iranians, including the three men, along with two entities for “engaging in malicious cyber acts, including ransomware activity,” according to a statement.

All of the individuals named were current or former employees of Najee Technology and the Afkar System Yazd Company, which the State Department has associated with the Revolutionary Guards.

It’s not clear how much ransom the men raised, but some demands were paid, officials said. Prosecutors believe that the targets of the cyberattacks, identified only by location and a general description of their activities, were selected for no reason other than that their systems were known to have vulnerabilities.

In several cases, the men broke into computer systems; encrypted data using BitLocker, a commercially available software program used to protect information; and then demanded payment in exchange for restoring access to the data, according to court documents.

Victims included a borough in Union County, N.J.; a construction company working on critical infrastructure projects and a public housing authority, both in Washington State; accounting firms in Illinois and New Jersey; a county government in Wyoming; and a Pennsylvania domestic violence shelter.

Two electric utilities, in Mississippi and Indiana, were also breached, but the break-in did not affect their operations or cause power outages, officials said.

In February 2021, the men targeted a township in Union County, took control of its computer network, stole data and used a hacking tool to set up remote access through a domain registered in Mr. Ahmadi’s name, according to court documents.

In June 2021, the group gained access to a children’s hospital computer network, created unauthorized accounts, stole data and attempted to encrypt information. Once notified of the breach, administrators were able to repel the attack with no effect on patient care or medical services.

Last December, the hackers blocked access to data at the domestic violence shelter and ordered the printers to spit out a ransom note that read: “Hello. Take no action for recovery. Your files may be corrupted and cannot be recovered.”

The operators of the shelter quickly agreed to pay Mr. Khatibi Aghda one Bitcoin, then worth about $13,000.

They sent it to his Bitcoin wallet and he released their files, prosecutors said.

Edward Wong contributed reporting.