DOJ Indicts Iranian Hackers for Breaching 144 Different US Universities in Spearphishing Attack

A pack of nine Iranian phishing hackers, working for the Islamic Revolutionary Guard Corps (IRGC), were indicted Friday by the Trump administration on seven counts of identity theft and conspiracy to commit computer intrusions at more than 140 U.S. universities. The hackers, who are unlikely to ever be tried in an American court for their crimes, got away with 31 terabytes of data and intellectual property — or the rough equivalent of three Libraries of Congress, according to the Washington Post.

According to the indictment, their scheme involved targeting more than 100,000 professor email accounts through what is known as a “spearphishing” campaign, defined as a “targeted form of phishing in which fraudulent emails target specific organizations in an effort to gain access to confidential information.”

The hackers, who are reportedly affiliated with the Shiraz-based tech firm Mabna Institute, an entity known to hack on behalf of the IRGC and Iranian universities, are accused of stealing research worth roughly $3.4 billion.

The indictment also lists as targets 36 U.S.-based private companies, as well as companies based in Germany, Italy, Switzerland, Sweden and the United Kingdom. Government agencies were also targeted, including the Labor Department, the Federal Energy Regulatory Commission and the United Nations.

“That type of criminal activity does not just cause economic harm,” Deputy Attorney General Rod Rosenstein said in announcing the indictments Friday. “It also threatens our national security. Identifying and prosecuting computer hackers is a priority for the Department of Justice.”

The actions against the Iranian hackers — one of whom was accused in November of hacking HBO and stealing unaired episodes of programs such as “Game of Thrones” — are part of a broader Trump administration strategy to deal more harshly with both acts of cyberespionage and malicious attacks originating from Iran.

“Iran is engaged in an ongoing campaign of malicious cyberactivity against the United States and our allies,” said Sigal Mandelker, the Treasury Department’s undersecretary for terrorism and financial intelligence. “We will not tolerate the theft of U.S. intellectual property or intrusion into our research institutions and universities.”

The indicted and sanctioned individuals will face difficulty traveling to more than 100 countries for fear of arrest and extradition to the U.S. Their U.S. assets have been frozen, and business transactions with U.S. entities are also forbidden.

“We reinforce the norm that most of the civilized world accepts: Nation-states should not steal intellectual property for the purpose of giving domestic industries a competitive advantage,” Rosenstein said of bringing formal charges against the hackers.

The Treasury Department’s Office of Foreign Assets Control was responsible for issuing sanctions against the responsible parties on Friday.