The Washington Post reports the Trump administration announced sanctions and criminal indictments against an Iranian hacker network allegedly involved in “one of the largest state-sponsored hacking campaigns”:
Nine of 10 named individuals were connected to the Mabna Institute, a Shiraz-based tech firm that the Justice Department alleged hacks on behalf of Iranian universities and the IRGC. The institute conducted “massive, coordinated intrusions” into the computer systems of at least 144 U.S. universities and 176 foreign universities in 21 countries, including Britain and Canada, officials said.
The hackers stole more than 31 terabytes of data and intellectual property — the rough equivalent of three Libraries of Congress — from their victims, prosecutors alleged. Much of it ended up in the hands of the IRGC, which has frequently been accused of stealing information to further its own research and development of weaponry. The Guard Corps is the division of Iran’s security forces charged with overseeing Iranian proxy forces abroad and is under the direct control of the country’s religious leaders.
“Today, in one of the largest state-sponsored hacking campaigns ever prosecuted by the Department of Justice, we have unmasked criminals who normally hide behind the ones and zeros of computer code,” said Geoffrey S. Berman, U.S. attorney for the Southern District of New York.
“Iran is engaged in an ongoing campaign of malicious cyberactivity against the United States and our allies,” said Sigal Mandelker, the Treasury Department’s undersecretary for terrorism and financial intelligence. “We will not tolerate the theft of U.S. intellectual property or intrusion into our research institutions and universities.”
Although lately there is a lot of news about Russian state sponsored cyber attacks, make no mistake, Russia is not the only country engaged in malicious cyberspace activity. Alongside Russia are China, North Korea, and Iran. These countries are responsible for the majority of the hacking activity around the globe. There are various reasons why these nations engage in cyber-based operations, not the least of which is surveillance against their enemies.
Here is an extremely simplified view of the landscape as it stands today.
China is primarily interested in stealing intellectual property. The Chinese would prefer to forego research and development costs, and would rather take the hard work already completed by others to use as the basis for their own technologies. China is mostly looking to increase their economic and military capabilities through these operations, with a strong emphasis on the former more than anything.
North Korea is completely cut off from the world banking system, so they have had to look to creative means of getting finances into the country. What North Korea has opted to do is conduct financially motived cyber attacks. They leverage ransomware to be paid in bitcoin by the victims, thus allowing the country to bypass global banking and siphon money back into Pyongyang.
Finally, Iran ultimately wants to protect itself from neighboring countries but would like to demonstrate its cyber-might. Consider it a mock revenge scenario. Stuxnet caused a lot of harm to the country and setback its nuclear program decades. Iran not only acquired firsthand knowledge of the destructive capabilities cyber weapons may cause, but also how easy it is to leverage cyber operations compared to traditional kinetic weaponry.
So again, although Russia has been the primary culprit in the news these days, there are other sophisticated nation state actors engaging in cyber operations for various reasons. It should come as no surprise to see Iran accused of a vast global cyber conspiracy.
One thing to consider, especially in light of Bolton being named Trump’s new National Security Advisor, is the administrations desire for war. This announcement may very well be a precurser to additional comments about Iran from the Trump administration. While I do not claim to have any specific knowledge of what is to come, the timing seems all too convenient.