The Washington Post writes that on Friday the Trump administration announced sanctions and criminal indictments against an Iranian hacker network it said was involved in “one of the largest state-sponsored hacking campaigns” ever prosecuted by the United States, targeting hundreds of U.S. and foreign universities along with dozens of U.S. companies and government agencies, and the United Nations.
The Post, however, adds that the hackers were not direct employees of the Iranian government but points out that they all worked at the behest of the Islamic Revolutionary Guard Corps (IRGC). Nine of the 10 named individuals were connected to the Mabna Institute, a Shiraz-based tech firm that the Justice Department alleged hacks on behalf of Iranian universities and the IRGC. The institute conducted “massive, coordinated intrusions” into the computer systems of at least 144 U.S. universities and 176 foreign universities in 21 countries, including Britain and Canada, officials said.
Highlighting the extent of the malign activities carried out by Iran, prosecutors said that the malicious activity resulted in the theft of more than 31 terabytes of data and intellectual property from the victims, and that much of it ended up in the hands of the IRGC.
“Today, in one of the largest state-sponsored hacking campaigns ever prosecuted by the Department of Justice, we have unmasked criminals who normally hide behind the ones and zeros of computer code,” said Geoffrey S. Berman, U.S. attorney for the Southern District of New York.
“Iran is engaged in an ongoing campaign of malicious cyberactivity against the United States and our allies,” said Sigal Mandelker, the Treasury Department’s undersecretary for terrorism and financial intelligence. “We will not tolerate the theft of U.S. intellectual property or intrusion into our research institutions and universities.”
Also sanctioned was Behzad Mesri, who U.S. prosecutors announced last November had been indicted on a charge related to the hacking of HBO. As a result of the indictments, officials said, the defendants cannot travel to more than 100 countries without fear of arrest and extradition to the United States. The sanctions block any transactions with those named and freeze any assets they may have under U.S. jurisdiction. Indictments charge the nine Mabna associates with stealing proprietary data, including log-ins and personal information that allowed access to intellectual property. Deputy Attorney General Rod J. Rosenstein predicted the measures would “disrupt the criminal operations of the Mabna Institute and . . . deter similar crimes by others.”
The actions are part of an effort by the Trump administration to expose the activities of cyber-foes and penalize them. According to officials, they also form part of a broad strategy for combating “malign activities” by Iran that fall outside the scope of the nuclear agreement it signed with the United States and others three years ago. Officials further assert that the indictment and sanctions help make clear that attribution is possible even when a state uses third parties or proxies to carry out its malicious acts. With such actions, “we’re getting a clearer picture of the Iranian actors who are not part of the government but are supporting activities on behalf of the Iranian regime,” said Tim Maurer, author of the book “Cyber Mercenaries.”
The indictments were welcomed by Britain’s Foreign Office, which issued a statement saying that the country’s National Cyber Security Center has assessed “with high confidence” that the Mabna Institute is “almost certainly responsible” for a multiyear hacking campaign targeting U.S. and British universities for intellectual property theft.