The Justice Department on Friday revealed charges against an Iranian hacking ring that prosecutors say spent years pilfering research and documents from over 100 American universities and government agencies.
Geoffrey Berman, the U.S. attorney for the Southern District of New York, called it a “massive and brazen cyber-assault” and “one of the largest state-sponsored hacking campaigns ever prosecuted” by U.S. officials.
The case is the second time federal prosecutors have charged Iranian government-linked hackers, coming almost exactly two years after DOJ indicted seven Iranians for a series of coordinated cyberattacks against the U.S. financial sector and for infiltrating a New York dam in 2013.
But Friday’s charges represent the takedown of a broader — and more purposeful — digital theft campaign.
DOJ specifically targeted the Iran-based Mabna Institute, which it says was founded in 2013 “to assist Iranian universities and scientific and research organizations in stealing access to non-Iranian scientific resources.”
Over the course of four years, prosecutors say, hackers working for the Mabna Institute stole at least 31 terabytes of data from 144 American universities, totaling $3.4 billion in intellectual property. The group also cracked into 176 foreign universities, DOJ said.
Beyond universities, the Iranians hit five U.S. government agencies, including the state governments in Hawaii and Indiana, as well as the Federal Energy Regulatory Commission, which oversees the energy industry, and the Department of Labor.
The group also infiltrated the United Nations and the United Nations Children’s Fund, DOJ said.
In total, prosecutors indicted nine Iranians for participating in the scheme, which continued until at least December 2017, according to a release.
Over those years, the indicted Mabna hackers breached the email accounts of roughly 8,000 professors.
The hackers conducted “many” of the intrusions “on behalf of” Iran’s Islamic Revolutionary Guard Corps, “as well as other Iranian government and university clients,” according to DOJ.
“The hackers targeted innovations and intellectual property from our country’s greatest minds,” Berman said.
The Treasury Department also slapped sanctions on the Mabna Institute and the nine charged individuals.
While none of the charged hackers have been detained, Berman said the indictments would restrict their lives.
“The only way they will see the outside world is through their computer screens, but stripped of their greatest asset — anonymity,” he said.