The Justice Department on Wednesday announced charges against three Iranian individuals alleged to have launched cyberattacks against U.S. and global critical infrastructure.
A senior Justice Department official told reporters that the individuals — Mansur Ahmadi, Ahmad Khatibi and Amir Hossein Nickaein — are alleged to have carried out attacks against hundreds of computers in the United States, Russia, Israel and the United Kingdom, as well as against organizations in Iran, beginning at least in October 2020. Groups impacted included health care, transportation and utility companies, along with a domestic violence shelter and state and county governments.
The charges will be unveiled Wednesday by the District of New Jersey U.S. Attorney’s Office at a press conference. Victims in the U.S. listed in the indictment include an unnamed township and accounting firm in New Jersey, along with unnamed power companies in Mississippi and Indiana. A county government in Wyoming, a construction company in Washington and the Bar Association for a U.S. state were also targeted.
According to the Justice Department, several of these victims paid ransoms to Ahmadi, Khatibi and Nickaein following ransomware attacks they perpetrated.
The Iranian individuals are still at large and believed to be in Iran, according to the Justice Department official, who also stressed that while the individuals did not carry out attacks on behalf of the Iranian government, the government allowed the attacks to take place. One senior official described these state-affiliated actors as up to something on the side. They were indicted by the Justice Department on four counts, including intentionally damaging protected computers and transmitting ransom demands.
The State Department and Treasury Department are also expected to announce actions in relation to the Iranian hackers on Wednesday.
“We are not going to sit quietly by and let them harass victims like state governments, county governments, violence shelters and the like,” the Justice Department official said.
In addition, a joint cybersecurity advisory will be released by federal agencies in the United States, the United Kingdom, Australia and Canada, including the FBI, the National Security Agency and the Cybersecurity and Infrastructure Security Agency. According to a senior Justice Department official, the advisory refers to the same hackers alleged in a separate advisory — released in November 2021 — to be exploiting vulnerabilities in the Microsoft Exchange system to target U.S. critical infrastructure groups in association with the government of Iran.
The actions by the Justice Department came a week after the White House condemned Iran for allegedly carrying out widespread cyberattacks in July on the Albanian government, and after the Treasury Department sanctioned Iran’s intelligence agency and its leader in connection to the attacks.
This is far from the first legal action related to Iran-based or Iranian-led cyberattacks. In 2016, a criminal indictment charging seven Iranian hackers with cyberattacks against U.S. financial institutions and a New York dam was returned just a few days after the U.S. and Iran implemented a high-profile nuclear deal. In 2018, the DOJ revealed charges against an Iranian hacking ring that prosecutors say spent years pilfering research and documents from over 100 American universities and government agencies.