Three Iranian nationals hacked into the computer systems of hundreds of victims across the United States, Israel, the United Kingdom, and Iran, among other countries. According to the Department of Justice's (DOJ) indictment, the defendants also allegedly engaged in a ransomware scheme, hacking into multiple organizations in critical sectors, including utility providers, transportation services, health care centers, government agencies, educational and religious organizations, non-profit programs, and small businesses.
Since October 2020, Mansour Ahmadi (34), Ahmad Khatibi Aghda (45), and Amir Hossein Nickaein Ravari (30) engaged in a plot to gain unauthorized access to the computer systems of victims across the world, causing damage and losses to the victims. The US DOJ press release stated that the accused's hacking campaign exploited known vulnerabilities in commonly used network devices and software apps. Using BitLocker, a commercially available encryption tool, the trio conducted encryption attacks against victims' computer systems, denying them access to their data unless they made a ransom payment.
U.S. Attorney Philip R. Sellinger for the District of New Jersey said, “No form of cyberattack is acceptable, but ransomware attacks that target critical infrastructure services, such as health care facilities and government agencies, are a threat to our national security. Hackers like these defendants go to great lengths to keep their identities secret, but there is always a digital trail. And we will find it.”
The indictment's list of victims includes a housing authority in Washington state, accounting firms in New Jersey and Illinois, a township municipality in New Jersey, Union County, power companies in Indiana and Mississippi, a county government in Wyoming, and a domestic violence shelter in Pennsylvania. In December 2021, the domestic violence shelter received a message on its printer telling the victims not to take any action for recovery, and warning that their files might be corrupted and not recoverable. The hackers asked their victims to contact them for the decryption keys. The shelter ended up paying $13,000 to the hackers' Bitcoin wallet for the decryption keys to access and restore its system and data.
While FBI investigators said they do not believe the three accused were working with the Iranian government, the US Department of the Treasury stated in its official press release that the individuals in question were part of a group of cyber actors affiliated with the Islamic Revolutionary Guard Corps. The State Department announced a reward of up to $10 million for any information on the three men, who are believed to be operating from Iran.
FBI Director Chris Wray, in a video statement, announced that law enforcement agencies would release a joint cybersecurity advisory in the US, Australia, and Canada, to minimize the impact of future cyber threats linked to the Revolutionary Guard. They are notorious for such attacks, particularly on critical infrastructure.
Khatibi, Ahmadi, and Nickaein, residents of Iran, are each charged with one count of conspiring to commit computer fraud and related activity; one count of transmitting a demand concerning damaging a protected computer; and one count of intentionally damaging a protected computer system. The conspiracy charge carries a maximum sentence of five years in prison, the intentional damage to protected computers charge carries ten years, and the transmission of a ransom demand charge carries five years.