In a coordinated effort across three district courts, the Department of Justice (DoJ) unsealed indictments this week in three separate cases against Iran-based individuals all alleged to have committed cyber intrusions on U.S.-based networks.
The announcements from the DoJ come in the same week that the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a joint advisory that identified an Iran-based cyber actor targeting several Federal agencies and exploiting vulnerabilities of a virtual private network.
“This week’s unsealing of indictments and other disruptive actions serves as another reminder of the breadth and depth of Iranian malicious cyber activities targeting not only the United States, but countries all over the world,” said Assistant Attorney General for National Security John Demers, in a release.
An announcement Sept. 17 in Federal District Court for the Eastern District of Virginia charges three Iranian nationals with acting on behalf of the Islamic Revolutionary Guard Corps in socially engineered spear phishing campaigns targeting aerospace and satellite technology. At least one of the target lists included over 1,800 individuals across Australia, Israel, Singapore, the United States, and the United Kingdom, the U.S. alleges.
A Sept. 16 announcement of an indictment in Federal District Court for the District of New Jersey charges two different Iranian nationals with hacking campaigns and cyber intrusions targeting computer systems in Europe, the Middle East, and the United States.
And a Sept. 15 announcement of an indictment in Federal District Court for the District of Massachusetts charges two individuals – one of whom is a citizen of Iran and the other a stateless national – with intrusions into, and defacements of, websites hosted in the United States.
The three indictments also coincided with action from the Department of the Treasury’s Office of Foreign Assets Control (OFAC), which imposed sanctions against 45 individuals and one front company associated with the Iranian-linked “Advanced Persistent Threat 39” (APT39).
“The FBI is using its unique partnerships and world-class capabilities to hold Iranian cyber actors publicly accountable for their actions,” said Executive Assistant Director Terry Wade of the FBI’s Criminal, Cyber, Response, and Services Branch, in the release. “No cyber actor should think they can compromise U.S. networks, steal our intellectual property, or hold our critical infrastructure at risk without incurring risk themselves.”