Side hustle involved theft of intellectual property and government secrets
Two Iranian nationals have been charged in the US over a long-running cybercrime campaign that resulted in the theft of national security information, intellectual property, and personal data.
Hooman Heidarian (AKA “neo”), 30, and Mehdi Farhadi, 34, both of Hamedan, Iran, are alleged to have stolen hundreds of terabytes of data, partly at the behest of the Iranian government.
The duo’s wide-ranging campaign is said to have resulted in the theft of foreign policy intelligence, non-military nuclear information, aerospace data, human rights activist information, victims’ financial and personally identifiable information, and intellectual property, including unpublished scientific research.
Victims were located in Europe and the Middle East, as well as the US.
Confidential communications pertaining to national security also made up part of the haul, the US Department of Justice (DoJ) said in a news release on Wednesday (September 16).
According to the DoJ, Heidarian and Farhadi’s exploits began in 2013.
Their targets were said to include several American and foreign universities, a Washington-based think tank, a defense contractor, an aerospace company, a foreign policy organization, non-governmental organizations, non-profits, and more.
The accused hackers allegedly scanned systems for security weaknesses before using a variety of hacking techniques, including session hijacking and SQL injection, to steal data from victim websites.
In addition, the pair deployed various forms of malware including remote access trojans and keyloggers to plant backdoors on compromised machines within targeted networks.
As well as stealing sensitive data, the miscreants frequently vandalized websites, often under the pseudonym “Sejeal”, and posted messages that mocked either the Iranian opposition or foreign adversaries, including Israel and Saudi Arabia.
“In some instances, the defendants’ hacks were politically motivated or at the behest of Iran, including instances where they obtained information regarding dissidents, human rights activists, and opposition leaders,” the DoJ said.
“In other instances, the defendants sold the hacked data and information on the black market for private financial gain.”
Out of reach
The pair were charged with computer hacking, fraud, and aggravated identity theft offenses, as part of a 10-count indictment returned on September 15.
Both are still in Iran and therefore well outside the reach of US authorities.
The DoJ announcement follows a recent advisory from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) on how to defend against Iran-based threat actors.