US Charges Three Iranians for Ransomware Attacks on Women’s Shelter, Businesses

A silhouetted Iranian woman walks past an anti-US wall painting on the wall of former US embassy in the capital city of Tehran, Iran, 05 September 2022. (EPA)
A silhouetted Iranian woman walks past an anti-US wall painting on the wall of former US embassy in the capital city of Tehran, Iran, 05 September 2022. (EPA)
TT

US Charges Three Iranians for Ransomware Attacks on Women’s Shelter, Businesses

A silhouetted Iranian woman walks past an anti-US wall painting on the wall of former US embassy in the capital city of Tehran, Iran, 05 September 2022. (EPA)
A silhouetted Iranian woman walks past an anti-US wall painting on the wall of former US embassy in the capital city of Tehran, Iran, 05 September 2022. (EPA)

Three Iranians have been charged with trying to extort hundreds of thousands of dollars from organizations in the United States, Europe, Iran and Israel, including a domestic violence shelter, by hacking in to their computer systems, US officials said on Wednesday.

Other targets included local US governments, regional utilities in Mississippi and Indiana, accounting firms and a state lawyers' association, according to charges filed by the US Justice Department.

While the criminal charges do not say whether the alleged hackers worked for the Iranian government, a separate US Treasury Department statement said they were affiliated with the Iranian Revolutionary Guard Corps, an Iranian intelligence and security force.

A senior Justice Department official said the Iran government does not discourage residents from engaging in hacking, as long as it is directed outside the country.

Iran's mission to the United Nations in New York did not immediately respond to a request for comment.

The defendants, named Mansour Ahmadi, Ahmad Khatibi and Amir Hossein Nikaein, are citizens of Iran who own or are employed by private technology companies in the country.

The Treasury Department also imposed sanctions on the three Iranians, as well as several other individuals and two organizations they said were part of Tehran's "malicious" cyber and ransomware activity.

The alleged hackers face little chance of being arrested, as they are believed to be living freely in Iran. But officials said the charges will make it difficult for them to travel or find work outside the country, as is the preference of many educated Iranians.

According to the charges, the three men infiltrated the computer systems of a wide range of businesses and governments between October 2020 and August 2022, encrypted their data and demanded bitcoin payments of up to hundreds of thousands of dollars.

Some victims, including the domestic violence shelter, opted to pay the ransom to recover their data.

Such ransomware attacks have skyrocketed over the past decade, damaging scores of US companies and other organizations around the globe.

In June last year, the Justice Department said it was elevating ransomware investigations to a similar priority as terrorism in the wake of a major, disruptive attack on a US pipeline company, which led to localized gas shortages on the US East coast.



Two NATO Members Say Russian Drones Have Violated Their Airspace

 A local resident walks past a destroyed vehicle following the shelling, which local Russian-installed authorities called a Ukrainian military strike, in the course of Russia-Ukraine conflict in Makiivka (Makeyevka) in the Donetsk region, Russian-controlled Ukraine, September 8, 2024. (Reuters)
A local resident walks past a destroyed vehicle following the shelling, which local Russian-installed authorities called a Ukrainian military strike, in the course of Russia-Ukraine conflict in Makiivka (Makeyevka) in the Donetsk region, Russian-controlled Ukraine, September 8, 2024. (Reuters)
TT

Two NATO Members Say Russian Drones Have Violated Their Airspace

 A local resident walks past a destroyed vehicle following the shelling, which local Russian-installed authorities called a Ukrainian military strike, in the course of Russia-Ukraine conflict in Makiivka (Makeyevka) in the Donetsk region, Russian-controlled Ukraine, September 8, 2024. (Reuters)
A local resident walks past a destroyed vehicle following the shelling, which local Russian-installed authorities called a Ukrainian military strike, in the course of Russia-Ukraine conflict in Makiivka (Makeyevka) in the Donetsk region, Russian-controlled Ukraine, September 8, 2024. (Reuters)

Two NATO members said Sunday that Russian drones have violated their airspace, as one reportedly flew into Romania during nighttime attacks on neighboring Ukraine while another crashed in eastern Latvia the previous day.

A drone entered Romanian territory early on Sunday as Moscow struck “civilian targets and port infrastructure” across the Danube in Ukraine, Romania's Ministry of National Defense reported. It added Bucharest had deployed F-16 warplanes to monitor its airspace and issued text alerts to residents of two eastern regions.

It also said investigations were underway of a potential “impact zone” in an uninhabited zone along the Romanian-Ukrainian border. There were no immediate reports of any casualties or damage.

Later on Sunday, Latvia’s Defense Minister Andris Sprūds said that a Russian drone fell the day before near the town of Rezekne, and had likely strayed into Latvia from neighboring Belarus.

Rezekne, home to over 25,000 people, lies some 55 kilometers (34 miles) west of Russia and around 75 kilometers (47 miles) from Belarus, the Kremlin’s close and dependent ally.

While the incursion into Latvian airspace appeared to be a rare incident, Romania has confirmed drone fragments on its territory on several occasions since Russia invaded Ukraine in February 2022, as recently as July this year.

Mircea Geoana, NATO's outgoing deputy secretary-general and Romania's former top diplomat, said on Sunday morning that the military alliance condemned Russia’s violation of Romanian airspace. “While we have no information indicating an intentional attack by Russia against Allies, these acts are irresponsible and potentially dangerous,” he wrote on X.

Latvia's military on Sunday similarly said that there were no indications that Moscow or Minsk purposely sent a drone into the country. In a public statement, the military said it had identified the crash site, and that a probe was ongoing.

Sprūds, the Latvian defense minister, sought to downplay the significance of the drone incursion.

“I can confirm that there are no victims here and also no property is infringed in any way,” Defense Minister Andris Sprūds told the Latvian Radio on Sunday, adding that any risks in the event were immediately eliminated: “Of course, it is a serious incident, as it is once again a reminder of what kind of neighboring countries we live next to.”