The US Treasury Department’s Office of Foreign Assets Control has announced extensive sanctions against three Iranian nationals and two Islamic Revolutionary Guard Corps (IRGC)-sponsored firms for launching ransomware attacks against US-based and other international companies since October 2020.
In an indictment unsealed this Wednesday, the US Department of Justice (DoJ) shared the details of a group of Iranian hackers who targeted hundreds of organizations in the USA and worldwide to extort their victims and make money. In several cases, they demanded thousands of dollars in ransom from their victims for unlocking their computers, revealed a DoJ official.
The intrusion was partially attributable to attacks launched by Charming Kitten, Phosphorus, Nemesis Kitten, and APT35. According to the Treasury Department, the hackers launched hacking campaigns against organizations in the USA and Middle Eastern companies.
Reportedly, three Iranian nationals were mainly involved in this scheme, whereas the alleged targeted organizations include a Pennsylvania-based domestic violence shelter, a Union County, NJ municipality, and an energy firm in Mississippi.
The indictment didn’t accuse the Iranian nationals of hacking the organizations on behalf of the Iranian government. Still, in sanctioning them, the Treasury Department accused all three of working with IT firms having close affiliations with the IRGC (Islamic Revolutionary Guard Corps). Their key targets included power firms, local governments, non-profit organizations, and small businesses. However, the indictment didn’t name the affected companies.
A copy of the intelligence bulletin from the US Customs and Border Protection dated 25 June was obtained by Yahoo News. It cited raw DHS intelligence and claimed that Najee Technology and Akfar Systems were the two Iran-based firms used by the Iranian government to launch cyberattacks against foreign targets.
The DoJ has filed criminal charges against all three hackers: Mansour Ahmadi, 34, Ahmad Khatibi Aghda, 45, and Amir Hossein Nickaein Ravari, 30. All the indicted Iranian nationals are supposedly residing in Iran, which is why their extradition to the USA is not possible unless they travel to a country that has an extradition agreement with the USA.
The Treasury Department has sanctioned them and seven other Iranian citizens for working for the above-mentioned IT firms. The DoJ is offering a $10 million reward for Ravari, Ahmadi, and Aghda.
“These three individuals are among a group of cybercriminals whose attacks represent a direct assault on the critical infrastructure and public services we all depend on.”
Christopher A. Wray – FBI Director
Iran’s Permanent Mission to the UN is yet to respond to this latest development.