Nine Iranian nationals charged with taking part in four-year cyberattack campaign

Nine Iranian hackers have been charged by the U.S. Department of Justice (DoJ) with leading a four-year campaign of cyberattacks on universities and professors, private businesses, and the U.S. government on behalf of the Islamic Revolutionary Guard Corps, according to an indictment unsealed on Friday.

The nine men allegedly worked as contractors, associates or hired hackers for the Mabna Institute, an Iran-based company established in 2013 to steal scientific resources for Iranian university and research organizations. The hackers targeted 144 U.S. universities, stealing 31 terabytes of academic data and intellectual property. They also targeted 176 foreign universities and 47 private businesses, as well as five government agencies and the United Nations.

U.S. Deputy Attorney General Rod Rosenstein said the nine Iranian nationals acted on behalf of the Iranian government.

“The Department of Justice will aggressively investigate and prosecute hostile actors who attempt to profit from America’s ideas by infiltrating our computer systems and stealing intellectual property,” Rosenstein said. “This case is important because it will disrupt the defendants’ hacking operations and deter similar crimes.”

A special agent who investigated the case for the FBI’s New York Division said the primary goal of the hackers was to steal the usernames and passwords for professors’ accounts to they could “gain unauthorized access and steal whatever kind of proprietary academic information they could get their hands on.” Data was stolen from library databases, white papers, journals, research, and electronic books.

The Mabna institute allegedly targeted more than 100,000 professors with phishing cyber attacks. Its hackers gained access to the email accounts of approximately 8,000 professors working at 144 U.S. universities and 176 foreign universities. In addition to supply the data to the Iranian government, the Mabna Institute also sold it to two websites, Megapaper.ir and Gigapaper.ir, which then sold the stolen data to customers in Iran, according to the DoJ.

“Today, in one of the largest state-sponsored hacking campaigns ever prosecuted by the Department of Justice, we have unmasked criminals who normally hide behind the ones and zeros of computer code,” U.S. Attorney Geoffrey Berman. said. “…The hackers targeted innovations and intellectual property from our country’s greatest minds. These defendants are now fugitives from American justice, no longer free to travel outside Iran without risk of arrest. The only way they will see the outside world is through their computer screens, but stripped of their greatest asset — anonymity.”

FBI Director Christopher Wray said the prolonged cyber attack campaign represented a “complex threat in a dynamic landscape,” but Friday’s unsealed indictment underscores the FBI’s commitment to “vigorously pursue those that threaten U.S. property and security.”

“Today, not only are we publicly identifying the foreign hackers who committed these malicious cyber intrusions, but we are also sending a powerful message to their backers, the government of the Islamic Republic of Iran: your acts do not go unnoticed,” Wray said. “We will protect our innovation, ideas and information, and we will use every tool in our toolbox to expose those who commit these cyber crimes. Our memory is long; we will hold them accountable under the law, no matter where they attempt to hide.”

The nine Iranian nationals named in the indictment are Gholamreza Rafatnejad, 38, Ehsan Mohammadi, 37, Abdollah Karima, aka Vahid Karima, 39, Mostafa Sadeghi, 28;,Seyed Ali Mirkarimi, 34, Mohammed Reza Sabahi, 26, Roozbeh Sabahi, 24, Abuzar Gohari Moqadam, 37, and Sajjad Tahmasebi, 30.