According to the Justice Department, several of these victims paid ransoms to Ahmadi, Khatibi and Nickaein following ransomware attacks they carried out.
The Iranian individuals are still at large and believed to be in Iran, according to the Justice Department official, who also pointed out that while the individuals did not carry out attacks on behalf of the Iranian government, the government authorized the attacks. A senior official described these state-affiliated actors as doing something incidental. The three were charged by the Justice Department with four counts, including willfully damaging protected computers and transmitting ransom demands.
The State Department and Treasury Department are also expected to announce actions regarding Iranian hackers on Wednesday.
“We are not going to sit quietly and let them harass victims like state governments, county governments, violence shelters and the like,” the Justice Department official said.
In addition, a joint cybersecurity advisory will be issued by federal agencies in the United States, United Kingdom, Australia, and Canada, including the FBI, National Security Agency, and Cybersecurity and Infrastructure Security Agency. According to a senior Justice Department official, the advisory refers to the same alleged hackers described in a separate advisory, published in November 2021, who are exploiting vulnerabilities in the Microsoft Exchange system to target US critical infrastructure groups in association with the Iranian government.
The Justice Department’s actions came a week after the White House condemned Iran for allegedly carrying out widespread cyberattacks in July against the Albanian government, and after the Treasury Department sanctioned Iran’s intelligence agency and its leader in connection with the attacks.
This is far from the first legal action related to cyberattacks based in or led by Iran. In 2016, a criminal indictment charging seven Iranian hackers with cyberattacks on US financial institutions and a New York dam was handed down just days after the US and Iran implemented a high-profile nuclear deal. In 2018, the DOJ unsealed charges against an Iranian hacking ring that prosecutors say spent years stealing research and documents from more than 100 US universities and government agencies.
Ry Rivard contributed to this report.