An unsealed indictment just released charged three Iranian Nationals with allegedly conspiring and organizing a scheme to hack into multiple computer networks within the United States, including a Morris County accounting firm and a Union County city.
According to U.S. Attorney Philip R. Sellinger and National Security Division Assistant Attorney General Matthew Olsen, the trio targeted a number of private companies along with countless government entities within the United States, England, Israel and Iran, from October 2020 through the present.
The indictment names Mansour Ahmadi, Ahmad Khatibi Aghda, and Amir Hossein Nickaein Ravari as alleged extortionists engaged in a plan to unlawfully gain access to hundreds of computer systems throughout the United States as well as the United Kingdom, Israel, and elsewhere.
Three Iranian Nationals Indicted
The defendants exploited known vulnerabilities commonly existing within many networks and software applications, allowing them to gain control of an individual’s computer system.
Ahmadi, Khatibi, and Ravari, along with the other named defendants, also inserted encryption intrusions and ransomware within the victim’s computer system, denying the individual the ability to access their computer unless a ransom payment was made to unlock their device.
Private, Public Targets
The trio allegedly victimized a wide range of organizations, including both private and government institutions such as small private businesses, government agencies, non-profits, and educational and religious institutions. They targeted critical infrastructure sectors, including healthcare centers, transportation services, and utility providers.
“Ransom-related cyber-attacks, like what happened here, are a particularly destructive form of cyber-crime,” Sellinger said. “No form of cyber-attack is acceptable, but ransomware attacks that target critical infrastructure services, such as health care facilities and government agencies, are a threat to our national security. Hackers like these defendants go to great lengths to keep their identities secret, but there is always a digital trail. And we will find it.”
“These defendants may have been hacking and extorting victims, including critical infrastructure providers, for their personal gain, but the charges reflect how criminals can flourish in the safe haven that…Iran has created and is responsible for,” Assistant Attorney General Matthew Olsen said.
According to the Indictment, even other Iranians are less safe because their own government fails to follow international norms and stop Iranian cyber criminals.
Targeting America’s Infrastructure
The timeline provided by the federal government alleges that, starting in February 2021, the trio targeted a municipality within Union County. The men allegedly hacked into the township’s network by using a remote hacking device which utilized known vulnerabilities within the network, thus gaining control of the entire computer system.
Investigators later traced the remote access device to a particular domain that was registered to Ahmadi.
The following year, in February 2022, the trio and their conspirators targeted an accounting firm located in Morris County. They again allegedly hacked into the firm’s computer network system using the same methodology of targeting susceptible software, gaining unauthorized and illegal access to the firm’s server, registered to Ravari, and stealing data.
Ransom Payment of $50,000
Once the firm’s network was breached, the trio launched a cyber encryption attack in March 2022, blocking access to a number of critical computer files until a ransom payment of $50,000 in cryptocurrency was paid to defendant Khatibi. If the accounting firm refused to pay, the data would then be sold to the highest bidder on the black market.
The indictment lists a number of other companies throughout the United States that were victimized by the defendants, including a regional electric utility company based in Mississippi; a regional electric utility company based in Indiana; a public housing corporation in the State of Washington; a shelter for victims of domestic violence in Pennsylvania; a county government in Wyoming; a construction company located in the State of Washington that was engaged in work on critical infrastructure projects; and a state bar association.
The trio, ranging in age from 30 to 45 years old, are all Iranian Nationals charged with multiple counts of computer fraud.
Fight Against Iranian Deal
In a related issue, a bipartisan group of 50 lawmakers warned the Biden Administration to rethink the precarious Iranian Deal, currently under consideration.
The bipartisan group, led by Reps. Josh Gottheimer (D-NJ) and Andrew Garbarino (R-NY), wrote a letter to President Joe Biden, imploring him to reconsider the potential agreement currently being ironed out with Iran.
The bipartisan group of lawmakers, consisting of 34 Democrats and 16 Republicans, reminded the administration that Iran is officially the world’s leading state sponsor of terrorism, and that any deal that weakens America’s terror-related sanctions against the Islamic Revolutionary Guard Corps (IRGC) or allows Russia a role in negotiating a deal with Iran would jeopardize America’s national security interests.