News Department

3 Iranian nationals charged with engaging in computer intrusions, ransomware-style extortion against U.S. critical infrastructure providers

NEW JERSEY – An indictment was unsealed Wednesday charging three Iranian nationals with allegedly orchestrating a scheme to hack into the computer networks of multiple U.S. victims, U.S. Attorney Philip R. Sellinger and National Security Division Assistant Attorney General Matthew Olsen announced Wednesday.

Mansour Ahmadi, 34, Ahmad Khatibi Aghda, 45, and Amir Hossein Nickaein Ravari, 30, all residents of Iran, are each charged by indictment with one count of conspiring to commit computer fraud and related activity in connection with computers, one count of intentionally damaging a protected computer, and one count of transmitting a demand in relation to damaging a protected computer. Ahmadi is charged with one additional count of intentionally damaging a protected computer.

As alleged in the indictment, from October 2020 through the present, Ahmadi, aka “Mansur Ahmadi,” Aghda, aka “Ahmad Khatibi,” and Ravari, aka “Amir Hossein Nikaeen,” aka “Amir Hossein Nickaein,” and aka “Amir Nikayin,” engaged in a scheme to gain unauthorized access to the computer systems of hundreds of victims in the United States, the United Kingdom, Israel, Iran, and elsewhere, causing damage and losses to the victims.

The defendants’ hacking campaign exploited known vulnerabilities in commonly used network devices and software applications to gain access and exfiltrate data and information from victims’ computer systems. Ahmadi, Khatibi, Nickaein, and others, also conducted encryption attacks against victims’ computer systems, denying victims access to their systems and data unless a ransom payment was made.

The defendants victimized a broad range of organizations, including small businesses, government agencies, non-profit programs, and educational and religious institutions. Their victims also included multiple critical infrastructure sectors, including healthcare centers, transportation services, and utility providers.

“Ransom-related cyberattacks — like what happened here — are a particularly destructive form of cybercrime,” Sellinger said. “No form of cyber-attack is acceptable, but ransomware attacks that target critical infrastructure services, such as health care facilities and government agencies, are a threat to our national security. Hackers like these defendants go to great lengths to keep their identities secret, but there is always a digital trail. And we will find it.”

“These defendants may have been hacking and extorting victims – including critical infrastructure providers – for their personal gain, but the charges reflect how criminals can flourish in the safe haven that the Government of Iran has created and is responsible for,” Olsen said. “According to the Indictment, even other Iranians are less safe because their own government fails to follow international norms and stop Iranian cyber criminals.”

“I want the people of New Jersey, and across the country, to know that the FBI is working tirelessly every day to protect you from people and things you may never see,” Special Agent in Charge of the Newark Division James Dennehy said. “This coordinated, global effort amongst law enforcement and the intelligence community should send a clear message to those actors who think they can’t be found in cyberspace: the days of hiding behind a keyboard and perpetrating crimes against the American people without consequence are waning, and we will bring the full force of the American Justice system to disrupt your criminal behavior.”

According to documents filed in this case, In February 2021, the defendants and their conspirators targeted a township in Union County, New Jersey. They exploited known vulnerabilities to gain control and access to the township’s network and data and used a hacking tool to establish persistent remote access to a particular domain that was registered to Ahmadi.

In or before February 2022, the defendants and their conspirators targeted an accounting firm based in Morris County, New Jersey. They again exploited a known vulnerability to gain unauthorized access and then used a particular hacking tool to establish a connection to a server that was registered to Nickaein and steal data. In March 2022, the defendants launched an encryption attack against the accounting firm; after denying the firm access to some of its systems, Khatibi demanded payment of $50,000 in cryptocurrency and threatened to sell the data on the black market.

The defendants also compromised, and often encrypted and extorted, hundreds of other victims, including an accounting firm based in Illinois; a regional electric utility company based in Mississippi; a regional electric utility company based in Indiana; a public housing corporation in the State of Washington; a shelter for victims of domestic violence in Pennsylvania; a County government in Wyoming; a construction company located in the State of Washington that was engaged in work on critical infrastructure projects; and a state bar association.

Ahmadi, 34, Khatibi, 45, and Nickaein, 30, all residents of Iran, are each charged by indictment with one count of conspiring to commit computer fraud and related activity in connection with computers; one count of intentionally damaging a protected computer; and one count of transmitting a demand in relation to damaging a protected computer. Ahmadi is charged with one additional count of intentionally damaging a protected computer.

The conspiracy charge carries a maximum prison sentence of five years in prison. The intentional damage to protected computers charge carries a maximum sentence of 10 years in prison. The transmission of a ransom demand charge carries a maximum sentence of five years in prison. The offenses also carry a potential maximum fine of $250,000 or twice the gross amount of gain or loss resulting from the offense, whichever is greatest.

Jay Edwards

Born and raised in Northwest NJ, Jay has a degree in Communications and has had a life-long interest in local radio and various styles of music. Jay has held numerous jobs over the years such as stunt car driver, bartender, voice-over artist, traffic reporter (award winning), NY Yankee maintenance crewmember and peanut farm worker. His hobbies include mountain climbing, snowmobiling, cooking, performing stand-up comedy and he is an avid squirrel watcher. Jay has been a guest on America’s Morning Headquarters,program on The Weather Channel, and was interviewed by Sam Champion.

Related Articles

Back to top button