The charges accuse the hacking suspects of targeting hundreds of entities in the U.S. and around the world, encrypting and stealing data from victims’ networks and threatening to make it public or leave it encrypted unless exorbitant ransom payments were made. In some cases, victims made those payments, the department said.
The Biden administration has sought to go after hackers, often sanctioned or protected by adversaries, who have effectively held U.S. targets hostage. The threat gained particular prominence in May 2021, when a Russian-based hacker group was accused of conducting a ransomware attack on the Georgia-based Colonial Pipeline that disrupted natural gas supplies along the East Coast. Hackers based in Iran have also been in the spotlight this past year, with the FBI foiling a planned cyberattack on a Boston children’s hospital that was to have been carried out by hackers funded by the Iranian government.
“The cyber threat facing our nation grows more dangerous and complex every day,” FBI Director Christopher Wray said in a statement accompanying the indictment unsealed Wednesday. “Today’s announcement makes it clear that the threat is both local and global. It’s something we can’t ignore and we can’t fight alone.”
The hackers named in Wednesday’s indictment are believed to have been working not for the Iranian government but for their own financial gain, and some of the victims were even in Iran, according to a senior Justice Department official who briefed reporters on the case on condition of anonymity under the ground rules laid down by the department. However, the official said the activity, even if not directed by the Iranian government, exists because the regime allows hackers to operate largely with impunity.
In a related action Wednesday, the Treasury Department’s Office of Foreign Assets Control sanctioned 10 individuals and two entities linked to Iran’s Islamic Revolutionary Guard Corps that it says have engaged in malicious cyber activities, including ransomware. The Treasury Department identified the three defendants in the Justice Department case as employees of technology companies it says are linked to the Revolutionary Guard.
John Hultquist, vice president of threat intelligence at cybersecurity firm Mandiant, said his team had been monitoring the Iranian actors for some time and estimated they were Revolutionary Guard contractors who have been labeled criminal hackers. He said they are particularly dangerous because “any access they gain could be used for purposes of espionage or disruption.”
The actions come amid an apparent impasse in talks between the U.S. and Iran over a possible revival of a 2015 nuclear deal. Israel and some U.S. lawmakers in both parties are pushing the Biden administration to get tougher on Iran, calling negotiations on Iran’s nuclear program a failure.
The three accused hackers are believed to be in Iran and have not been arrested, but the Justice Department official said the pending charges make it “functionally impossible” for them to leave the country. The case was filed in federal court in New Jersey, where a municipality and an accounting firm were among the victims. The alleged hacking took place between October 2020 and last month, when the indictment was issued under seal.
The three defendants — identified as Mansour Ahmadi, Ahmad Khatibi Aghda and Amir Hossein Nickaein Ravari — are accused of exploiting known or public vulnerabilities in software applications to break into victims’ computer networks. Prosecutors say the victims were seen by the defendants as targets of opportunity. They included a domestic violence shelter in Pennsylvania, which the indictment alleges was extorted out of $13,000 to recover its hacked data; electric utilities in Indiana and Mississippi; a county government in Wyoming; and a construction company in Washington state.
Associated Press writers Fatima Hussein and Ellen Knickmeyer in Washington and Frank Bajak in Boston contributed to this report.
Follow Eric Tucker on Twitter at