On Wednesday an indictment was unsealed charging three Iranian nationals with allegedly orchestrating a scheme to hack into the computer networks of multiple U.S. victims, U.S. Attorney Philip R. Sellinger and National Security Division Assistant Attorney General Matthew Olsen announced. It is alleged that the individuals, identified as Mansour Ahmadi, aka “Mansur Ahmadi,” Ahmad Khatibi Aghda, aka “Ahmad Khatibi,” and Amir Hossein Nickaein Ravari, aka “Amir Hossein Nikaeen,” aka “Amir Hossein Nickaein,” aka “Amir Nikayin,” engaged in a scheme to gain unauthorized access to the computer systems of hundreds of victims in the United States, the United Kingdom, Israel, Iran, and elsewhere, causing damage and losses to the victims.
The hacking campaign exploited known vulnerabilities in commonly used network devices and software applications to gain access and exfiltrate data and information from victims’ computer systems, and also conducted encryption attacks against victims’ computer systems, denying victims access to their systems and data unless a ransom payment was made. The defendants victimized a broad range of organizations, including small businesses, government agencies, non-profit programs, and educational and religious institutions. Their victims also included multiple critical infrastructure sectors, including healthcare centers, transportation services, and utility providers.
In February 2021, the defendants and their conspirators targeted a township in Union County, New Jersey, exploiting known vulnerabilities to gain control of and access to the township’s network and data, and used a hacking tool to establish persistent remote access to a particular domain that was registered to Ahmadi.
In or before February 2022, the defendants and their conspirators targeted an accounting firm based in Morris County, New Jersey. They again exploited a known vulnerability to gain unauthorized access and then used a particular hacking tool to establish a connection to a server that was registered to Nickaein and steal data. In March 2022, the defendants launched an encryption attack against the accounting firm; after denying the firm access to some of its systems, Khatibi demanded payment of $50,000 in cryptocurrency and threatened to sell the data on the black market.
Ahmadi, 34, Khatibi, 45, and Nickaein, 30, all Iranian residents, are each charged by indictment with one count of conspiring to commit computer fraud and related activity in connection with computers; one count of intentionally damaging a protected computer; and one count of transmitting a demand in relation to damaging a protected computer. Ahmadi is charged with one additional count of intentionally damaging a protected computer. The conspiracy charge carries a maximum sentence of five years in prison. The intentional damage to protected computers charge carries a maximum sentence of 10 years in prison. The transmission of a ransom demand charge carries a maximum sentence of five years in prison. The offenses also carry a potential maximum fine of $250,000 or twice the gross amount of gain or loss resulting from the offense, whichever is greatest.
*** This is a Security Bloggers Network syndicated blog from Threat Intelligence Blog | Flashpoint authored by Flashpoint Team. Read the original post at: https://flashpoint.io/blog/usa-v-mansour-ahmadi-ahmad-khatibi-amir-hossein-nickaein-ravari/