Three Iranian Nationals Charged in Critical Services Scheme

A trio of Iranian nationals have been indicted for participating in what FBI director Christopher Wray called “a multi-year scheme to compromise the networks of hundreds of companies, organizations and institutions, many of which offer critical services we all rely on every day.”

The companies targeted in the scheme by Mansour Ahmadi, Ahmad Khatibi Aghda, Amir Hossein Nickaein Ravari and others include health care facilities, power companies and local governments in communities in the United States and abroad.

“They were looking to steal information, encrypt networks, and sell private data, all in the hopes of persuading victims to pay sizeable ransoms,” Wray said in a video statement. “In addition to targeting victims here in the U.S., the defendants also targeted companies and entities around the world, including in their own country of Iran, demonstrating that few targets were off-limits.”

Wray said the three “are among a group of cybercriminals whose attacks represent a direct assault on the critical infrastructure and public services we all depend on.” While the FBI has been keyed in on these kinds of threats, a joint cybersecurity advisory issued by the FBI and partners in law enforcement and intelligence in the U.S. and elsewhere in the world detailed “the broader threat posed by cyber actors affiliated with the government of Iran who actively targeted victims in the United States including critical infrastructure,” Wray said. But it remains to be seen if the indictment will have any impact.

“It’s all well and good to indict foreign nationals, but the reality is that they reside in a country that does not cooperate with the United States government, its intelligence services or law enforcement community,” said Andrew Hay, COO at LARES Consulting. “This means that the advisory has little to no teeth unless the FBI can put boots on the ground (which will not happen) or Iran decides to hand them over (which also will not happen). Unfortunately, this is just hand waving.”

Wray noted that the agency and law enforcement thwarted an attack from such actors targeting Boston Children’s Hospital in the summer of 2021. “Fortunately, before they could successfully launch their attack, we received a tip from a partner that the hospital had been targeted,” he said. “And working closely with the hospital, we were able to identify and defeat the threat, protecting both the network and the sick children who depend on it. I’m very proud of our success thwarting that attack.”

He said this latest indictment and the cybersecurity advisory “show what’s possible when federal and international partners work together and place a priority on close collaboration with victims,” even as the cybersecurity threat grows “more dangerous and complex every day.”

“In today’s operating climate, while the lines between criminal actors and nation-state actors may be blurred, it is clear that organizations don’t opt themselves in or out of the crosshairs,” said Tim Wade, deputy CTO at Vectra. “The effects of these threats roll downhill to individual, normal people who find essential services like critical utilities and health care under siege.”

Fundamentally, Wade said, “these threats must be engaged with head-on and, for this reason, it is encouraging to see such an announcement emphasizing the seriousness with which the FBI takes this mission.”

The agency has built a web of government, private sector and overseas partners to combat the still-dangerous threat of ransomware. Alluding to additional actions on the horizon “that were designed and sequenced in conjunction with this indictment to make a big dent in the threat,” Wray said upcoming steps will “show those responsible for these unconscionable attacks that if you try to hold our critical infrastructure for ransom, if you try to disrupt the way Americans live their daily lives, you’re going to be facing the full force of the U.S. government and its allies, and we will do everything in our power to bring you to justice.”

Teri Robinson

From the time she was 10 years old and her father gave her an electric typewriter for Christmas, Teri Robinson knew she wanted to be a writer. What she didn’t know is how the path from graduate school at LSU, where she earned a Masters degree in Journalism, would lead her on a decades-long journey from her native Louisiana to Washington, D.C. and eventually to New York City where she established a thriving practice as a writer, editor, content specialist and consultant, covering cybersecurity, business and technology, finance, regulatory, policy and customer service, among other topics; contributed to a book on the first year of motherhood; penned award-winning screenplays; and filmed a series of short movies. Most recently, as the executive editor of SC Media, Teri helped transform a 30-year-old, well-respected brand into a digital powerhouse that delivers thought leadership, high-impact journalism and the most relevant, actionable information to an audience of cybersecurity professionals, policymakers and practitioners.
