The Department of Justice (DOJ) on Wednesday charged three Iranian nationals for alleged cyber attacks targeting U.S. infrastructure and local governments.
Within the United States, the three targeted a broad range of organizations such as businesses, government agencies, nonprofits, religious groups, and educational entities, the DOJ said. Healthcare centers, transportation services, and utility companies were also targeted.
Officials said the hackers were thwarted before they could do actual damage to critical infrastructure. Some victims, however, paid ransom to the individuals to regain access to their computer systems, the DOJ said.
The three alleged hackers broke into the networks of a New Jersey local government, a Mississippi power company, an Indiana utility, a domestic violence shelter in Pennsylvania, and others, according to the court document.
According to the indictment, the Iranians in March of this year allegedly demanded $50,000 in cryptocurrency from a New Jersey accounting company after breaching its computer system. Khatibi then allegedly emailed a representative of the company, asking: “Are you ready to pay?”
In another, he claimed that he had locked “more than 20 systems” and demanded: “If you don’t want to pay, I can sell your data on the black market. This choice is yours.”
DOJ officials said the three men are believed to still reside in Iran. The United States and Iran haven’t resumed official diplomatic relations since the revolution that installed the current regime in Tehran four decades ago, meaning that it’s unlikely the three suspects will ever be extradited to the United States to be tried in an American court.
The suspects targeted “known vulnerabilities” within victims’ systems before encrypting and stealing data from the networks. They would then threaten to release the stolen data if they weren’t paid a ransom.