COURT DOC: Nine Iranians Charged With Conducting Massive Cyber Theft Campaign On Behalf Of The Islamic Revolutionary Guard Corps

DoJ announced today the unsealing of an indictment charging GHOLAMREZA RAFATNEJAD, EHSAN MOHAMMADI, ABDOLLAH KARIMA, a/k/a ‘Vahid Karima,’ MOSTAFA SADEGHI, SEYED ALI MIRKARIMI, MOHAMMED REZA SABAHI, ROOZBEH SABAHI, ABUZAR GOHARI MOQADAM, and SAJJAD TAHMASEBI.

The defendants were each leaders, contractors, associates, hackers-for-hire, and affiliates of the Mabna Institute, an Iran-based company that was responsible for a coordinated campaign of cyber intrusions that began in at least 2013 into computer systems belonging to 144 U.S.-based universities, 176 universities across 21 foreign countries, 47 domestic and foreign private sector companies, the United States Department of Labor, the Federal Energy Regulatory Commission, the State of Hawaii, the State of Indiana, the United Nations, and the United Nations Children’s Fund.

Through the activities of the defendants, the Mabna Institute conducted these intrusions to steal over 30 terabytes of academic data and intellectual property from universities, and email inboxes from employees of victim private sector companies, government victims, and non-governmental organizations. The defendants conducted many of these intrusions on behalf of the Islamic Republic of Irans (‘Iran’) Islamic Revolutionary Guard Corps (‘IRGC’), one of several entities within the government of Iran responsible for gathering intelligence, as well as other Iranian government clients. In addition to these criminal charges, today the Department of Treasury’s Office of Foreign Assets Control (OFAC) designated the Mabna Institute and the nine defendants for sanctions for the malicious cyber-enabled activity outlined in the Indictment. (Source: U.S. Department of Justice)