Side hustle involved theft of intellectual property and government secrets

Two Iranian nationals have been charged in the US over a long-running cybercrime campaign that resulted in the theft of national security information, intellectual property, and personal data.

Hooman Heidarian (AKA “neo”), 30, and Mehdi Farhadi, 34, both of Hamedan, Iran, are alleged to have stolen hundreds of terabytes of data, partly at the behest of the Iranian government.

The duo’s wide-ranging campaign is said to have resulted in the theft of foreign policy intelligence, non-military nuclear information, aerospace data, human rights activist information, victims’ financial and personally identifiable information, and intellectual property, including unpublished scientific research.

Victims were located in Europe and the Middle East, as well as the US.

Confidential communications pertaining to national security also made up part of the haul, the US Department of Justice (DoJ) said in a news release on Wednesday (September 16).

Running amok

According to the DoJ, Heidarian and Farhadi’s exploits began in 2013.

Their targets were said to include several American and foreign universities, a Washington-based think tank, a defense contractor, an aerospace company, a foreign policy organization, non-governmental organizations, non-profits, and more.

The accused hackers allegedly scanned systems for security weaknesses before using a variety of hacking techniques, including session hijacking and SQL injection, to steal data from victim websites.

In addition, the pair deployed various forms of malware, including remote access trojans and keyloggers, to plant backdoors on compromised machines within targeted networks.

As well as stealing sensitive data, the miscreants frequently vandalized websites, often under the pseudonym “Sejeal”, and posted messages that mocked either the Iranian opposition or foreign adversaries, including Israel and Saudi Arabia.

“In some instances, the defendants’ hacks were politically motivated or at the behest of Iran, including instances where they obtained information regarding dissidents, human rights activists, and opposition leaders,” the DoJ said.

“In other instances, the defendants sold the hacked data and information on the black market for private financial gain.”

Out of reach

The pair were charged with computer hacking, fraud, and aggravated identity theft offenses, as part of a 10-count indictment returned on September 15.

Both are still in Iran and therefore well outside the reach of US authorities.

Mehdi Farhadi and Hooman Heidarian are now both fugitives from US justice and have each been added to the FBI’s Most Wanted list.

The DoJ announcement follows a recent advisory from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) on how to defend against Iran-based threat actors.
