US indicts three Iranians in CNI cyber attack

Three Iranian nationals, Mansoor Ahmadi, Ahmad Khatibi Aghda and Amir Hossain Nikain Ravari, have been charged in the United States over their alleged involvement in cyber attacks on hundreds of victims, including operators of critical national infrastructure (CNI) in the US, the UK, Israel and Iran itself.

The three are accused of exploiting known vulnerabilities in widely used networking hardware and software to gain access to their targets’ systems, exfiltrate data and other information from them, and conduct a series of ransomware attacks.

In addition to organisations in the government, healthcare, transportation and utility sectors, the trio are said to have targeted educational institutions, non-profits, religious organisations and small and medium-sized enterprises (SMEs).

U.S. Attorney Philip Selinger said, “Ransom-related cyberattacks – like what happened here – are a particularly devastating form of cybercrime.

“No cyberattack is acceptable, but ransomware attacks that target critical infrastructure services, such as health care facilities and government agencies, pose a threat to our national security. Hackers like these defendants go to great lengths to remain anonymous, but there is always a digital trail. And we will find it.”

Assistant Attorney General Matthew Olsen added: “These defendants may be hacking and extorting victims — including providers of critical infrastructure — for their personal gain, but the charges reflect how criminals can thrive in the safe haven that the Iranian government has created and is responsible for.

“According to the allegations, even other Iranians are less safe because their own government has failed to follow international norms and stop Iranian cybercriminals.”

The specific allegations in the indictment, unsealed on 14 September in New Jersey, relate to two incidents in the state that took place a year apart.

In the first incident, in February 2021, the defendants and their accomplices are accused of targeting a township in Union County, New Jersey, exploiting known vulnerabilities to gain access to and control over local government networks, and establishing remote access to a domain registered to Ahmadi.

A year later, in February 2022, they are accused of targeting an accounting firm in nearby Morris County, again gaining access and connecting the victim’s systems to a server controlled by Nikain Ravari. That server was used to exfiltrate data and, subsequently, to launch a double-extortion ransomware attack in which the group demanded $50,000 in cryptocurrency.

The group’s other victims are believed to number in the hundreds, and are said to include another accountancy firm in Illinois, a county government in Wyoming, a construction company in Washington, a domestic violence shelter in Pennsylvania, electric utilities in Indiana and Mississippi, a public housing corporation in Washington and an undisclosed state bar association.

The indictment includes one count of conspiracy to commit computer fraud and related activity, one count of intentionally damaging a protected computer and one count of transmitting a demand in relation to damaging a protected computer. Ahmadi is charged with an additional count of intentionally damaging a protected computer.

Collectively, the charges carry a maximum sentence of 20 years in prison and fines of up to $250,000. However, because all three men are residents of Iran, it is unlikely they will ever be extradited to stand trial, barring significant geopolitical changes in the region.

Mandiant vice-president John Hultquist said he had been tracking the group for some time. Mandiant links it to a cluster of threat activity it calls UNC2448, which is also tracked by others as DEV-0270 and Cobalt Mirage. The group is known for its extensive scanning for a range of vulnerabilities, its use of fast reverse proxy (FRP) tools to maintain access, and ransomware activity that abuses the built-in Windows BitLocker feature to encrypt victims’ drives rather than deploying a custom encryptor.
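Because the group relies on a legitimate Windows feature and an off-the-shelf tunnelling tool rather than bespoke malware, the practical detection opportunity is in process-creation telemetry. The following is an added example, not code from the article or from Mandiant: it runs two simple checks over a handful of constructed process-creation records (the field names loosely follow Sysmon Event ID 1, which is an assumption, not a specific product’s schema). The first check flags BitLocker being armed from the command line, either with manage-bde -on and an attacker-chosen protector, or with the Enable-BitLocker cmdlet; the second flags the fast reverse proxy client frpc, including a renamed copy that still points at its frpc config file.

```python
import ntpath
import re

# Constructed sample process-creation records (not real telemetry).
# Field names loosely follow Sysmon Event ID 1; that layout is an assumption.
SAMPLE_EVENTS = [
    {"host": "fs01", "user": r"CORP\svc_backup",
     "image": r"C:\Windows\System32\manage-bde.exe",
     "cmdline": r"manage-bde.exe -on D: -pw -UsedSpaceOnly"},
    {"host": "fs01", "user": r"CORP\admin",
     "image": r"C:\Windows\System32\manage-bde.exe",
     "cmdline": r"manage-bde.exe -status C:"},
    {"host": "ws17", "user": r"CORP\jdoe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r'powershell.exe -nop -c "Enable-BitLocker -MountPoint C: -PasswordProtector -Password $p"'},
    {"host": "ws17", "user": r"CORP\jdoe",
     "image": r"C:\ProgramData\frpc.exe",
     "cmdline": r"frpc.exe -c C:\ProgramData\frpc.ini"},
    {"host": "dc01", "user": r"NT AUTHORITY\SYSTEM",
     "image": r"C:\Windows\System32\svchost.exe",
     "cmdline": r"svchost.exe -k netsvcs -p"},
    {"host": "web02", "user": r"CORP\svc_web",
     "image": r"C:\Users\Public\svc.exe",  # renamed frpc binary (constructed)
     "cmdline": r"svc.exe -c C:\Users\Public\frpc.toml"},
]

# manage-bde protector switches that let whoever runs the command own the unlock secret
PROTECTOR_FLAGS = {"-pw", "-password", "-rp", "-recoverypassword", "-rk", "-recoverykey"}


def tokens(cmdline):
    """Split a Windows command line, keeping double-quoted runs together."""
    return [t.strip('"').lower() for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def bitlocker_arming(event):
    """Reason string if the event turns BitLocker on for a volume, else None."""
    img = ntpath.basename(event["image"]).lower()
    toks = tokens(event["cmdline"])
    if img == "manage-bde.exe" and "-on" in toks:
        prot = sorted(PROTECTOR_FLAGS.intersection(toks)) or ["<default>"]
        return "manage-bde -on with protector %s" % ",".join(prot)
    low = event["cmdline"].lower()
    if img in ("powershell.exe", "pwsh.exe") and re.search(r"\benable-bitlocker\b", low):
        return "Enable-BitLocker cmdlet via PowerShell"
    return None


def frp_client(event):
    """Reason string if the event launches a fast reverse proxy client, else None."""
    img = ntpath.basename(event["image"]).lower()
    if img in ("frpc.exe", "frpc"):
        return "frpc binary executed"
    toks = tokens(event["cmdline"])
    # frpc is started as `frpc -c <config>`; a renamed binary still needs its config
    for flag, arg in zip(toks, toks[1:]):
        if flag == "-c" and re.search(r"frpc\.(ini|toml|ya?ml|json)$", arg):
            return "frpc config passed to %s" % img
    return None


def hunt(events):
    """Run both checks over the events and return (host, rule, reason) hits."""
    findings = []
    checks = (("bitlocker_arming", bitlocker_arming), ("frp_client", frp_client))
    for ev in events:
        for rule, check in checks:
            reason = check(ev)
            if reason:
                findings.append((ev["host"], rule, reason))
    return findings


if __name__ == "__main__":
    for host, rule, reason in hunt(SAMPLE_EVENTS):
        print(f"{host}: {rule}: {reason}")
```

Against the sample set the routine reports the two BitLocker enablements and both frpc launches while ignoring the read-only manage-bde -status call and the ordinary svchost start. In a real deployment the BitLocker rule would be scoped to exclude the endpoint-management account that legitimately provisions encryption, since the signal is BitLocker being armed by an unexpected user or from an interactive shell, not BitLocker use as such.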

The cluster is associated with some confidence with Iran’s Islamic Revolutionary Guard Corps (IRGC). However, Hultquist said, the actions the men are accused of may not have been ordered by Tehran.

“We believe that these actors may be extortion criminals in addition to their status as contractors in the service of the IRGC. The IRGC relies heavily on contractors to run their cyber operations,” he said.

“This group is running a brazen, massive vulnerability scanning operation against targets in the US, Canada, Israel, UAE and Saudi Arabia, looking for vulnerabilities in VPNs and MS Exchange, among others.

“Often, they are monetizing their access, but their ties to the IRGC make them particularly dangerous. Any access they gain can be used for purposes of espionage or disruption,” Hultquist said.

“For most people, this actor is likely to be a criminal problem, but if you’re the right target, they’ll turn you in for espionage or disruption,” he warned.
