Mississippi utility targeted by Iranian hackers, feds say
Published 2:28 pm Wednesday, September 14, 2022
The Justice Department said Wednesday that three Iranian citizens have been charged in the United States with ransomware attacks that targeted power companies, local governments and small businesses and nonprofits, including a domestic violence shelter.
The charges accuse the hacking suspects of targeting hundreds of entities in the U.S. and around the world, encrypting and stealing data from victim networks, and threatening to release it publicly or leave it encrypted unless exorbitant ransom payments were made. In some cases, the victims made those payments, the department said.
The Biden administration has tried to go after hackers, often sanctioned or sheltered by adversaries, who have held U.S. targets essentially hostage. A Russia-based hacker group was accused of conducting a ransomware attack last year on Georgia-based Colonial Pipeline, which disrupted gas supplies along the East Coast.
These hackers are not believed to have been working on behalf of the Iranian government but instead for their own financial gain, and some of the victims were even in Iran, according to a senior Justice Department official who briefed reporters on the case on the condition of anonymity under ground rules set by the department. The official said the activity, even if not directed by the Iranian government, exists because the regime permits hackers to largely operate with impunity.
In a related action Wednesday, the Treasury Department’s Office of Foreign Assets Control sanctioned 10 individuals and two entities affiliated with Iran’s Islamic Revolutionary Guard Corps who it says have been involved in malicious cyber activities, including ransomware.
The announcements come amid an apparent stalemate in talks between the U.S. and Iran over the possible revival of a 2015 nuclear deal. Israel and some U.S. lawmakers of both parties are pushing the Biden administration to get tougher on Iran, calling the negotiations on Iran’s nuclear program a failure.
The three accused hackers are thought to be in Iran and have not been arrested, but the Justice Department official said the pending charges make it “functionally impossible” for them to leave the country.
The case was filed in federal court in New Jersey, where a municipality and an accounting firm were among the victims.
The alleged hacking took place from October 2020 through last month, when the indictment was issued under seal. The three defendants — identified as Mansour Ahmad, Ahmad Khatibi Aghda and Amir Hossein Nickaein Ravari — are accused of exploiting known or publicly disclosed vulnerabilities in software applications to break into the victims’ computer networks.
Prosecutors say the targets were seen by the defendants as victims of opportunity or entities that would likely be willing to pay money to get their data back. The victims included a domestic violence shelter in Pennsylvania, which the indictment says was extorted out of $13,000 to recover its hacked data; electric utilities in Indiana and Mississippi; and a county government in Wyoming.