The Biden administration has announced charges against three Iranian hackers who are suspected of having ties to an Iranian government attack group called “Charming Kitten” and of carrying out hacking and ransomware activities, according to US officials.
The hackers — affiliated with Iran's Islamic Revolutionary Guard Corps, according to Treasury Department officials — have tracked hundreds of organizations in the United States, Britain, Israel, Iran and elsewhere, including a shelter for victims of domestic violence in Pennsylvania, an Indiana-based electric utility company, and a public housing entity, according to court documents.
The hacking group has been conducting ransomware operations since at least 2020 by breaking into organizations across the globe, stealing data, and threatening victims that they will release the stolen information unless paid hundreds of thousands of dollars. The hacking group, also known as “APT 35,” has historically conducted espionage operations for the Iranian government and targeted the Middle East government, its diplomats and military personnel, as well as political leaders, newspapers and energy and telecommunications entities.
Assistant Attorney General Matthew Olsen said the hackers pursued their targets for personal gain. But the Iranian government has supported and facilitated them, he said.
“The charges reflect how crime can thrive in the safe haven that the Iranian Government has created and is responsible for,” Olsen said.
The messages the hackers sent to their victims after they were attacked instructed them to contact the Iranians for instructions.
“Hello. Do not take any action to recover. Your files may be corrupted and cannot be recovered. Just contact us,” the hackers sent to the family violence shelter.
After receiving the funds from the shelter, they sent the victims a decryption key to recover their information, according to the indictment.
Other threat messages from the IRGC-affiliated attack group got straight down to business.
“I have locked down over 90 systems on your network,” wrote the hacker to a hacked construction company in February of this year. “Are you ready to pay?”
“If you don’t want to pay, I can sell your data on the black market,” the hacker wrote to an accounting firm. “This choice is yours.”
The Biden administration on Wednesday also sanctioned the three indicted Iranian hackers — Mansour Ahmadi, Ahmad Khatibi Aghda and Amir Hossein Nickaein — and announced that the US government would issue a $10 million reward for any information leading to the identity or location of Mansour, Khatibi or Nickaein.
The Biden administration has also sanctioned seven other Iranians for their hacking activities with the IRGC. The seven others sanctioned include Ali Agha-Ahmadi, Mohammad Agha Ahmadi, Mo’in Mahdavi, Aliakbar Rashidi-Barjini, Mostafa Haji Hosseini, Mojtaba Haji Hosseini and Mohammad Shakeri-Ashtijeh.
The FBI has warned about the hackers for months now. In May 2021, the agency issued a detailed warning regarding the attack coming from an attacker using the pseudonym “elie”.
The announcement of the charges and sanctions against IRGC affiliates comes just weeks after US prosecutors revealed an IRGC member assigned to assassinate former US national security adviser John Bolton for $300,000.
In the last few weeks alone, the United States and cybersecurity researchers have identified other hacking campaigns tied to the Iranian government. FBI Director Christopher Wray in June accused the Iranian government of hacking Boston Children’s Hospital. Iranian hackers with ties to the IRGC have also targeted US government officials, dissidents and reporters, according to a new report from the cybersecurity firm Mandiant.