For years now the US has been vulnerable to hacking by foreign attackers, and countries like Russia, China, and North Korea have been behind many of these attempted attacks. From the power grid to banks, to hospitals, to federal data servers, nothing has been completely immune from their hacking attempts.
Now the Iranians want to step up their level of attacks in that arena, and they have already been caught doing so. Targeting power companies, local governments, and small businesses and nonprofits, including a domestic violence shelter, three Iranians have been charged with these ransomware attacks. Within these charges, the trio is accused of targeting hundreds of assets within the US as well as other countries across the globe.
With each successful attack, these hackers would encrypt and steal their victims' data, threatening to leave it locked behind the encryption, or to sell it off publicly, unless they were paid an enormous ransom. In certain cases, these payments were made because no other option was seen as viable.
Charges have been filed in New Jersey, where multiple targets were located, including a municipality and an accounting firm.
Unfortunately, the Justice Department cannot prove the precise location of the hackers, and as such extradition is completely out of the question. Plus, Iran would never hand over one, much less three of their people to face trial here in the US. However, the Justice Department claimed that facing charges like this has made it “functionally impossible” to leave the country. Apparently, under President Biden, they have forgotten just how porous the borders in the Middle East are, and just how little their governments care if they country hop.
Identified as Mansour Ahmad, Ahmad Khatibi Aghda, and Amir Hossein Nickaein Ravari, these attackers are accused of launching these attacks from October 2020 through August 2022. Exploiting well-known and easily abused software vulnerabilities, this trio targeted organizations holding information they would likely pay a high sum to get back.
Their victims were not chosen at random either. They chose organizations that were targets of opportunity because of poorly updated software, or that held information the trio suspected they would pay dearly to protect. A domestic violence shelter in Pennsylvania was one of their key targets, and it paid $13,000 to have its data recovered. Electric utilities in Indiana and Mississippi were also targeted, as well as a county government network in Wyoming.
Additionally, the Treasury Department’s Office of Foreign Assets Control has filed sanctions against 10 individuals and two entities affiliated with Iran’s Islamic Revolutionary Guard Corps. They claim that this group has also been involved with malicious cyber activity, including ransomware, but details are limited at this time.
With President Biden looking to ensure hackers are brought to justice, his officials have been going after individuals and organizations since shortly after he was sworn in. A Russia-based group attacking the Georgia-based Colonial Pipeline was one of the first groups to be pursued, and that attack was in turn blamed for the fuel disruptions on the east coast.
The trio is believed to be working for personal financial benefit, and not for the benefit of the Iranian government, a belief underscored by the tracks they left in attacks on assets within Iran as well. The Justice Department believes that the Iranian government may not be directing these actions, but that it is allowing them to operate with total impunity.
For the moment, these charges are useless and largely unenforceable. Neither the US government nor the UN can make Iran turn over their people. Instead, they must wait and hope they make a mistake and are caught trying to leave the country, but quite frankly it’s not likely. With the US and Iran at a stalemate for nuclear talks, it’s not likely the countries will be making any deals any time soon.