The Trump administration issued sanctions and indictments against nine individuals and one entity Friday for carrying out a wide-scale hacking campaign on behalf of the Iranian government.
In a statement released by the U.S Department of the Treasury, the nine Iranian nationals, all reportedly linked to an Iranian tech firm known as the Mabna Institute, are accused of attacking countless targets while contracting for Iran’s Islamic Revolutionary Guard Corps.
“Iran is engaged in an ongoing campaign of malicious cyber activity against the United States and our allies. The IRGC outsourced cyber intrusions to The Mabna Institute, a hacker network that infiltrated hundreds of universities to steal sensitive data,” said Treasury Under Secretary Sigal Mandelker. “We will not tolerate the theft of U.S. intellectual property, or intrusions into our research institutions and universities.”
According to Deputy Attorney General Rod Rosenstein, the Mabna Institute since 2013 has been responsible for hacks against “more than 140 American universities, 30 American companies, five American government agencies, and also more than 176 universities in 21 foreign countries.”
More than 100,000 email addresses belonging to professors across the globe were targeted, 8,000 of which were successfully compromised.
“For many of these intrusions, the defendants acted at the behest of the Iranian government and, specifically, the Iranian Revolutionary Guard Corps,” Rosenstein said.
In total, the hackers have stolen more than 31 terabytes of data and intellectual property said to be worth around $3.4 billion.
Rosenstein described the U.S. government action as “one of the largest state-sponsored hacking campaigns ever prosecuted by the Department of Justice.”
The announcement by the Trump administration is aimed at, among other things, severely limiting the hackers’ ability to travel outside of Iran. Members of the hacking network now face the possibility of arrest and extradition to the U.S. from more than 100 countries.
— FBI New York (@NewYorkFBI) March 23, 2018
The move follows similar actions last week in which the White House blamed Russia for the NotPetya malware, attacks on critical U.S. infrastructure and interference in the 2016 election.
The Trump administration also blamed North Korea in December for the WannaCry ransomware attack.