Digital Guardian's Blog

U.S. Charges Nine Iranians Following Cyber Theft Campaign on Universities, Government



The Department of Justice said Friday hackers from Iran purportedly stole more than 31 terabytes of academic data and intellectual property from universities and government entities.

The U.S. Justice Department on Friday indicted nine Iranians and an Iranian company on charges that they hacked into hundreds of U.S. and international universities, companies, and even parts of the U.S. government over the last five years, stealing billions of dollars' worth of data.

The company behind the hacking, according to a Justice Department press release, was Mabna Institute, a private government contractor operating on behalf of Iran's Islamic Revolutionary Guard Corps.

The campaign successfully exfiltrated more than 31 terabytes of data and intellectual property. Much of the data was academic information from universities. Government entities like the U.S. Department of Labor, the Federal Energy Regulatory Commission, the State of Hawaii, the State of Indiana, the United Nations, and the United Nations Children's Fund were also targeted.

U.S. Deputy Attorney General Rod Rosenstein called the nine men "fugitives from justice," in a press conference Friday morning. The charges, as indicted by a federal grand jury in the Southern District of New York, include conspiracy to commit computer intrusions, conspiracy to commit wire fraud, computer fraud - unauthorized access for private financial gain, wire fraud, and aggravated identity theft.

“By bringing these criminal charges, we reinforce a norm that most of the civilized world accepts: nation-states should not steal intellectual property for the purpose of giving domestic industries a competitive advantage,” Rosenstein said.

According to the FBI, each of the nine men was either a leader, contractor, associate, hacker for hire, or an affiliate of Mabna Institute.

The campaign wasn't strictly focused on America. While 144 U.S. universities were hacked, 176 universities in 21 foreign countries were also struck.

The campaign relied on fairly sophisticated spear-phishing emails. According to the indictment, the attackers emailed professors pretending to be a professor at another university. The emails claimed the attacker had read an article the professor had recently published. If the victim clicked through a link included in the email, they'd be brought to a domain that looked "confusingly similar to the authentic domain of the recipient professor's university."

The goal of the attack was to trick the victim into thinking they'd been logged out of their university's computer system. Once they entered their credentials, the information was stolen by the attackers.

It's the fourth time the Trump administration has called out a foreign government for carrying out cyber attacks against the U.S.

It was only last week that the Department of Homeland Security released details of Russia's involvement in a plot targeting U.S. government entities and critical infrastructure. The news coincided with sanctions against the country.

As it did last week, the U.S. Treasury Department announced that, as a result of the news, it was placing sanctions on the Iranian individuals and Mabna Institute.

According to Reuters, major U.S. internet infrastructure companies should expect repercussions from Iran over the charges. The news agency cited an executive at an unnamed company who reportedly received an alert warning of retribution, likely distributed denial of service (DDoS) attacks.

The IRGC, a branch of Iran's Armed Forces, was also behind the hack of a small dam in Rye Brook, New York in 2013. The group was also behind a series of hacks in 2015, including the compromise of social media accounts of Obama administration officials.

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.