Iranians named Mansur Ahmadi, Ahmad Khatibi and Amir Hossein Nickaein were charged on Wednesday with launching cyberattacks against U.S and global critical infrastructure. Hundreds of computers in the U.S., Russia, Israel, the United Kingdom and organizations in Iran were attacked, according to Politico. Beginning in October 2020, health care groups, transportation and utility companies, along with a domestic violence shelter and state and county governments were targeted by the Iranian hackers. While the hackers did not carry out attacks on behalf of the Iranian government, the government allowed the attacks to take place. The Iranians were indicted on four counts, including intentionally damaging protected computers and transmitting ransom demands. The FBI added all three to its most wanted list, and the State Department is offering a $10 million reward for information on the suspects as part of its Rewards for Justice program. “These three individuals are among a group of cyber criminals whose attacks represent a direct assault on the critical infrastructure and public services we all depend on,” said FBI Director Christopher Wray.
Even if they are never apprehended, the indictment makes the three defendants fugitives and limits their ability to travel outside of Iran. It’s not clear from the indictment how much information may have been stolen or how it was used. The Treasury Department’s Office of Foreign Assets Control announced sanctions against 10 individuals and two groups affiliated with the Iranian Islamic Revolutionary Guard Corps. The sanctioned individuals, who include the three Iranians charged by the Justice Department, and groups are alleged to have carried out ransomware and other cyberattacks since at least 2020. “We are not going to sit quietly by and let them harass victims like state governments, county governments, violence shelters and the like,” a Justice Department official said. A joint cybersecurity advisory was released by agencies in the U.S., the United Kingdom, Australia and Canada warning of Iranian-affilated hackers carrying carry out ransomware attacks. The actions by the Justice Department came a week after the White House condemned Iran for allegedly carrying out widespread cyberattacks in July on the Albanian government, and after the Treasury Department sanctioned Iran’s intelligence agency and its leader in connection to the attacks.