DOJ charges Iranian hackers in data-stealing scheme
The Department of Justice unsealed an indictment on Wednesday against three Iranian nationals charged with malicious computer activity between October 2020 and August 2022.
Why it matters: U.S. indictments of international cybercriminals send a clear message that law enforcement knows who is part of flourishing overseas hacking groups, and they make it difficult for defendants to leave their home countries without risking arrest.
Driving the news: The defendants are accused of "exploiting known or publicly disclosed vulnerabilities in commonly used network devices and software programs to get access to victims' computer networks," per a senior DOJ official.
- An indictment unsealed Wednesday alleges the defendants targeted hundreds of victims — including small businesses, nonprofits, local governments and "critical infrastructure," like healthcare organizations — in the United States, United Kingdom, Israel, Russia and Iran.
- "The indictment does not allege that these actors undertook these actions on behalf of the Government of Iran. Instead, the indictment alleges the actors were demanding to be paid themselves," the official said.
- The individuals face four charges, including conspiracy to commit fraud and related activity in connection with computers and intentional damage to a protected computer.
- The DOJ also said Wednesday that it will release a joint cybersecurity advisory later today with the FBI, Cybersecurity and Infrastructure Security Agency and Australian, Canadian and U.K. governments.
- The Treasury Department also unveiled new sanctions on Wednesday against the three defendants and the technology companies they're affiliated with.
Between the lines: While the three defendants are being charged for engaging in criminal cyber activities, the senior DOJ official told reporters that cybercrime flourishes in nations that “do not adhere to widely accepted norms.”
- In the absence of updated, agreed-upon cyber diplomacy norms at the United Nations, the White House has been handing down sanctions and indictments to send a clear message of what it thinks the norms should be.
What they're saying: "These three individuals are among a group of cybercriminals whose attacks represent a direct assault on the critical infrastructure and public services we all depend on," FBI Director Christopher Wray said Wednesday.
The big picture: The new indictments and cybersecurity advisory are part of the Biden administration’s continuing efforts to crack down on both Iranian cybercriminal and nation-state hacking groups.
- Last week, the U.S. government attributed a series of destructive data exfiltration attacks against Albanian government networks to Iran.
- The Treasury Department sanctioned the Iranian Ministry of Intelligence and its minister on Friday.
Editor's note: This story has been updated with a statement from FBI Director Christopher Wray.