Nine Iranians charged, sanctioned over sweeping hacking campaign

Nine Iranian nationals and one Iranian entity on Friday were sanctioned by the Treasury Department and charged by the Department of Justice for allegedly hacking into hundreds of universities and other organizations, stealing information on behalf of Iran’s government.

The individuals worked in some capacity for an Iran-based company called the Mabna Institute, which investigators say was founded in 2013 to help Iranian universities and scientific and research organizations gain access to non-Iranian scientific materials. 

Investigators say the hackers targeted American and international universities, as well as the United Nations and U.S. businesses and government entities, including the Department of Labor and the Federal Energy Regulatory Commission, which holds sensitive information on U.S. electricity and natural gas systems.

The hackers allegedly breached and stole information from American universities that cost them approximately $3.4 billion to procure and maintain, Deputy Attorney General Rod Rosenstein said at a press conference Friday.  

The Justice Department is charging the Iranians with seven crimes, including conspiracy, computer fraud, wire fraud and identity theft.

The hackers are based in Iran, making it highly unlikely they will be extradited to the U.S. to face charges.

However, Rosenstein said Friday that publicly identifying them will help deter nation-state hacking going forward.

“This type of public identification helps deter state-sponsored computer intrusions by stripping them of anonymity and imposing consequences,” Rosenstein said. “By bringing these criminal charges, we reinforce a norm that most of the civilized world accepts: Nation-states should not steal intellectual property for the purpose of giving domestic industries a competitive advantage.”

The Mabna Institute has allegedly stolen personal information and economic resources for private financial gain, as well as contracting with the Iranian government to hack into organizations on its behalf.

“The IRGC outsourced cyber intrusions to The Mabna Institute, a hacker network that infiltrated hundreds of universities to steal sensitive data,” Treasury Under Secretary Sigal Mandelker said in a statement, referring to the Islamic Revolutionary Guard Corps, part of Iran’s military.

“We will not tolerate the theft of U.S. intellectual property, or intrusions into our research institutions and universities,” Mandelker said. “Treasury will continue to systematically use our sanctions authorities to shine a light on the Iranian regime’s malicious cyber practices, and hold it accountable for criminal cyber-attacks.” 

The Mabna Institute hacked into computer systems belonging to 144 U.S. universities as well as 176 universities in 21 other countries, according to Treasury and the Department of Justice, which jointly announced the new sanctions on Friday. 

Investigators say the hackers stole data and login credentials from the schools and gave them to the IRGC, in addition to selling the stolen information in Iran through at least two websites.

The hackers allegedly stole login credentials from university professors that were used to access online university library systems.

The other nations impacted include Australia, Canada, China, Denmark, Finland, Germany, Ireland, Israel, Italy, Japan, Malaysia, the Netherlands, Norway, Poland, Singapore, South Korea, Spain, Sweden, Switzerland, Turkey and the United Kingdom.

Treasury is also sanctioning another Iranian, Behzad Mesri, who was indicted last November for breaching HBO servers to steal information about unaired episodes and other sensitive company data.

The Trump administration has been increasingly bellicose toward Tehran. Friday’s sanctions came one day after President Trump named former U.S. Ambassador to the United Nations John Bolton, a vocal Iran hawk, as his next national security adviser.
