Countering State-Sponsored Cybercrime
The Office has moved aggressively to investigate and prosecute cybercrime cases, with an emphasis on combatting state-sponsored hacking campaigns.
- Charges Against Nine Iranian-Government Sponsored Hackers: In March 2018, the Office unsealed charges against nine Iranians associated with the Mabna Institute, which conducted a massive computer hacking campaign on behalf of Iran’s Islamic Revolutionary Guard Corps. As alleged, the Mabna Institute is responsible for stealing academic research, intellectual property, and other confidential business information from 144 U.S.-based universities, 176 universities in 21 foreign countries, 47 domestic and foreign private sector companies, and several U.S. Government agencies, among other victims. The Mabna case was the product of the dedicated work of multiple federal and international agencies to take down this state-sponsored hacking group. Criminal charges were announced in coordination with sanctions imposed by the Department of the Treasury’s Office of Foreign Assets Control, which designated the Mabna Institute and its hackers for sanctions for conducting malicious cyber activities.
- Charges Against Two Chinese-Government Sponsored Hackers: In December 2018, the Office charged two Chinese nationals affiliated with the Chinese-sponsored hacking group “APT10” with conducting extensive hacking campaigns on behalf of the Chinese government to steal intellectual property and confidential business information from more than 45 technology and defense companies. APT10, known as an “Advanced Persistent Threat” group, compromised data held by managed service providers, firms that other companies trust to store, process, and protect commercial data, including intellectual property and other confidential business information.
- Charges Against Seven Iranian Hackers for State-Sponsored Cyber Attacks: In March 2016, the Office charged seven Iranian nationals with conducting a coordinated, state-sponsored series of “Distributed Denial of Service” attacks against the U.S. financial sector between 2011 and 2013. The seven defendants were allegedly associated with two Iran-based cybersecurity companies – ITSec Team and Mersad – that operated as fronts for the Iranian government’s offensive cyber operations. During the campaign, the defendants leveraged large botnets consisting of thousands of compromised servers around the world to systematically send malicious Internet traffic to servers belonging to 46 U.S. banks, disabling the servers and costing the banks tens of millions of dollars to remediate. Notably, the indictment separately charged one of the ITSec Team defendants, Hamid Firoozi, with the 2013 compromise of the Supervisory Control and Data Acquisition systems of the Bowman Dam in Rye, New York. Had the sluice gate (the gate that controls the flow of water released through the dam) not been disconnected from the system for maintenance, the compromise would have allowed the Iranian government to remotely control the operations of the dam.