DOJ indicts Iranians for allegedly hacking and extorting US groups

In this Nov. 28, 2018, file photo, the Department of Justice seal is seen in Washington, D.C. (AP Photo/Jose Luis Magana)

The Department of Justice (DOJ) on Wednesday unsealed an indictment of three Iranian nationals alleged to have hacked hundreds of computer systems of organizations in the U.S. and around the world. 

U.S. officials accused the defendants of exfiltrating data from the organizations’ computer systems and attempting to extort money from them by either threatening to release the stolen data or keeping the data encrypted unless the hackers were paid.

The hackers allegedly demanded hundreds of thousands of dollars in ransom payments, which some victims paid to regain access to their data, a senior DOJ official said during a background call on Wednesday.

The victims of the scheme included small businesses, government agencies, nonprofit organizations, and educational and religious institutions. 

“Crimes like these will happen when nations and their government do not adhere to widely accepted norms like promulgating and enforcing broadly applicable laws against computer hacking and extortion,” a senior DOJ official said to reporters during the background call. 

The official also said that the hackers were not acting on behalf of the Iranian government. U.S. officials believe the defendants are still in Iran and have yet to be arrested.

The DOJ indictment coincided with the State Department’s announcement that it will offer a reward of up to $10 million for information on the three defendants charged in this case. 

In a related enforcement action, the Treasury Department imposed sanctions on Wednesday on two entities and 10 individuals, including the three defendants the DOJ charged, for participating in malicious cyber activities. 

The agency said the malicious cyber actors, who have ties to Iran’s Islamic Revolutionary Guard Corps, have been compromising computer systems based in the U.S. and other nations since at least 2020.

“Ransomware actors and other cybercriminals, regardless of their national origin or base of operations, have targeted businesses and critical infrastructure across the board—directly threatening the physical security and economy of the United States and other nations,” Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian Nelson said in a statement. 

The department also reported that ransomware payments in the U.S. reached more than $590 million in 2021, compared to $416 million in 2020.

Today’s sanctions are the latest in a number of enforcement actions the U.S. has taken against Iran.

Just last week, the Treasury Department sanctioned Iran’s intelligence ministry and its top intelligence official following a cyberattack Iran allegedly launched against Albania, a NATO member, in July. 

The agency designated Iran’s Ministry of Intelligence and Security and its minister of intelligence for participating in criminal cyber activities against the U.S. and its allies. 

The sanctions came after the White House National Security Council condemned the attack against Albania, calling it “unprecedented.”

On July 15, a cyberattack temporarily shut down multiple Albanian government digital services and websites. The country’s prime minister, Edi Rama, said that an investigation confirmed “without a shadow of a doubt” that the attack was carried out by Iranian state-sponsored hacking groups. 

The attack led Albania to cut diplomatic relations with Iran, which has denied responsibility for the attack.
