The Department of Justice (DOJ) and Department of Treasury’s Office of Foreign Assets Control (OFAC) charged one Iranian entity and nine Iranians on Friday in a hacking scheme to steal intellectual property and information from at least 144 United States-based universities, various companies, and government agencies for private financial gain.
The DOJ charged Gholamreza Rafatnejad, 38; Ehsan Mohammadi, 37; Abdollah Karima, aka Vahid Karima, 39; Mostafa Sadeghi, 28; Seyed Ali Mirkarimi, 34; Mohammed Reza Sabahi, 26; Roozbeh Sabahi, 24; Abuzar Gohari Moqadam, 37; and Sajjad Tahmasebi, 30, under Executive Order (E.O.) 13694 for “Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities.”
The stolen data and stolen login credentials acquired through the hacking were reportedly used to benefit Iran’s Islamic Revolutionary Guard Corps (IRGC).
“These nine Iranian nationals allegedly stole more than 31 terabytes of documents and data from more than 140 American universities, 30 American companies, five American government agencies, and also more than 176 universities in 21 foreign countries,” Deputy Attorney General Rod Rosenstein said in a press release. “For many of these intrusions, the defendants acted at the behest of the Iranian government and, specifically, the Iranian Revolutionary Guard Corps.”
Treasury Under Secretary Sigal Mandelker said:
“Iran is engaged in an ongoing campaign of malicious cyber activity against the United States and our allies. The IRGC outsourced cyber intrusions to The Mabna Institute, a hacker network that infiltrated hundreds of universities to steal sensitive data. We will not tolerate the theft of U.S. intellectual property, or intrusions into our research institutions and universities. Treasury will continue to systematically use our sanctions authorities to shine a light on the Iranian regime’s malicious cyber practices, and hold it accountable for criminal cyber-attacks.”
According to the Treasury Department:
“The Mabna Institute is an Iran-based company that engaged in the theft of personal identifiers and economic resources for private financial gain. The organization was founded in or about 2013 to assist Iranian universities and scientific and research organizations in obtaining access to non-Iranian scientific resources. The Mabna Institute also contracted with Iranian governmental and private entities to conduct hacking activities on its behalf.”
In addition to the designations related to the activities of the Mabna Institute, OFAC also designated Behzad Mesri, 29, known as “Sokoote Vahshat” (which means “Silent Fear” in Persian), for “engaging in significant malicious cyber-enabled misappropriation of economic resources, personal identifiers, and financial information for private financial gain for activities targeting a U.S. media company.”
Mesri was hit with criminal charges, accused of hacking HBO and prematurely releasing several Game of Thrones scripts, episodes of Curb Your Enthusiasm, and private executive emails.
In December 2015, a Santa Barbara lead security researcher discovered that Iranian hackers were behind the hacking of housing files at the University of California, Santa Barbara.