US indicts two hackers for retaliating for Soleimani’s killing; more Iran-related charges expected soon
U.S. prosecutors have indicted two hackers, including an Iranian national, for allegedly defacing a slew of websites in retaliation for the U.S. killing of a top Iranian general in January.
The indictment returned by a federal grand jury in Massachusetts accuses Behzad Mohammadzadeh, an Iranian thought to be 19, and Marwan Abusrour, a 25-year-old Palestinian, of attacking U.S. websites and planting messages such as “Down with America.” Mohammadzadeh is a “self-described spammer” who allegedly traffics in stolen credit cards, the Department of Justice said.
Such defacement attacks do not require much skill, and are not the retaliatory cyberattacks that officials feared after the U.S. military killed Qassem Soleimani, Iran’s top general. The FBI had warned companies that Iranian hackers had stepped up their reconnaissance in the immediate aftermath of the Soleimani killing.
The indictment unsealed Tuesday is one of multiple indictments that U.S. prosecutors are expected to announce this week related to Iranian hacking, according to two people familiar with the matter. It is part of a long-running effort by federal agencies to clamp down on hacking emanating from the Islamic Republic. Officials declined to elaborate on details contained in the other indictments.
“Iran remains a great concern to us and we’re going to continue to keep pressure on them,” a Department of Justice official told CyberScoop.
While often rated secondary to those of China or Russia, Iran’s cyber-capabilities are still substantial. Tehran-linked hacking groups carried out data-destroying attacks at industrial companies across the Middle East, including on oil giant Saudi Aramco in 2012. In the U.S., Iranian hackers have tried to break into accounts associated with the Trump campaign and probed software used in industrial control systems, according to Microsoft. Such activity is far more concerning to analysts than the cyber-vandalism allegedly committed by Mohammadzadeh and Abusrour.
The charges this week wouldn’t be the first time the Department of Justice has pursued Iranian hackers.
In November 2018, the department unsealed indictments against two Iranian men for using the so-called SamSam ransomware to cause tens of millions in damage through cyberattacks on U.S. cities. Investigators said the two men were working on their own and not at the behest of the Iranian government.
In March 2018, U.S. prosecutors charged nine Iranians for hacking into U.S. universities, government agencies and companies, often at the behest of the Iranian Revolutionary Guard Corps.
The Iranian government has repeatedly denied conducting such cyberattacks.
The indictment is available in full here: http://www.documentcloud.org/documents/7208984-Mohammadzadeh-and-Aubsrour-Indictment-0.html