In September 2020, the U.S. FBI reported on several recent criminal charges brought against Iranian hackers believed to be operating at the behest of the Iranian government or in support of it. The hacks included cyber intrusions and fraud, vandalism of U.S. websites, and intellectual property theft from U.S. aerospace and satellite technology companies. According to the FBI report:
September 18, 2020
While the cases filed in federal courts in Boston, Alexandria, and Newark are separate and unique, prosecutors and FBI investigators said they send a message that hackers will face consequences regardless of distance and borders.
The FBI added that:
The efforts were reflective of the FBI’s new cyber strategy, which is to impose risk and consequences on cyber adversaries—making it harder for both cyber criminals and foreign governments to use malicious cyber activity to achieve their objectives. The new strategy also emphasizes the role the FBI plays as an indispensable partner to federal counterparts, foreign partners, and private-sector partners.
Following is a short summary of each of the cases referred to:
- Two alleged computer hackers, Behzad Mohammadzadeh (a/k/a “Mrb3hz4d”), an Iranian national, and Marwan Abusrour (a/k/a “Mrwn007”), a stateless national of the Palestinian Authority, were indicted in the District of Massachusetts on charges of damaging multiple websites across the United States as retaliation for United States military action in January 2020 that killed Qasem Soleimani, the head of the Islamic Revolutionary Guard Corps-Quds Force, a U.S.-designated foreign terrorist organization… Mohammadzadeh has publicly claimed to have personally defaced more than 1,100 websites around the world with pro-Iranian and pro-hacker messages, which he began in 2018 and continues through the present day. Abusrour is a self-described spammer (sender of unsolicited emails for profit), carder (illicit trader in stolen credit cards) and black hat hacker (a hacker who violates computer security for personal gain or maliciousness) who has publicly claimed to have defaced at least 337 websites around the world, which he began no later than June 6, 2016, and continued through at least July 2020… The defendants allegedly started working together on or about Dec. 26, 2019, when Abusrour began providing Mohammadzadeh with access to compromised websites.
- Two Iranian nationals from Hamedan, Iran, Hooman Heidarian, a/k/a “neo,” 30, and Mehdi Farhadi, a/k/a “Mehdi Mahdavi” and “Mohammad Mehdi Farhadi Ramin,” have been charged in connection with a coordinated cyber intrusion campaign – sometimes at the behest of the government of Iran – targeting computers in New Jersey and around the world… are each charged in a 10-count indictment returned Sept. 15, 2020, with: one count each of conspiracy to commit fraud and related activity in connection with computers and access devices; computer fraud – unauthorized access to protected computers; computer fraud – unauthorized damage to protected computers; conspiracy to commit wire fraud; and access device fraud; and five counts of aggravated identity theft… The victims included several American and foreign universities, a Washington, D.C.-based think tank, a defense contractor, an aerospace company, a foreign policy organization, non-governmental organizations (NGOs), non-profits, and foreign government and other entities identified as rivals or adversaries to Iran around the world.
- Three computer hackers – Iranian nationals residing in Iran – Said Pourkarim Arabi, Mohammad Reza Espargham and Mohammad Bayati were indicted for engaging in a coordinated campaign of identity theft and hacking on behalf of Iran’s Islamic Revolutionary Guard Corps (IRGC), a designated foreign terrorist organization, in order to steal critical information related to United States aerospace and satellite technology and resources… According to allegations in the indictment, the defendants’ hacking campaign, which targeted numerous companies and organizations in the United States and abroad, began in approximately July 2015 and continued until at least February 2019. The defendants at one time possessed a target list of over 1,800 online accounts, including accounts belonging to organizations and companies involved in aerospace or satellite technology and international government organizations in Australia, Israel, Singapore, the United States, and the United Kingdom.
Details were also released on eight separate and distinct sets of malware used by Rana Intelligence Computing Company, said to be a front company that helped Iran’s Ministry of Intelligence and Security target at least 15 U.S. companies along with hundreds of individuals and entities from more than 30 countries across Asia, Africa, Europe, and North America. The FBI added that the investigation led to the U.S. Department of the Treasury issuing sanctions against Rana and 45 cyber actors.