Security Experts:

Connect with us

Hi, what are you looking for?



U.S. Charges Two State-Sponsored Iranian Hackers

Two Iranian hackers were indicted in the United States for allegedly engaging in numerous cyberattacks, some of them conducted on behalf of the government of Iran, the U.S. Department of Justice announced on Wednesday.

Two Iranian hackers were indicted in the United States for allegedly engaging in numerous cyberattacks, some of them conducted on behalf of the government of Iran, the U.S. Department of Justice announced on Wednesday.

The two, Hooman Heidarian (aka neo), 30, and Mehdi Farhadi (aka Mehdi Mahdavi, Mohammad Mehdi Farhadi Ramin), 34, both of Hamedan, Iran, were charged with conspiracy to commit fraud and wire fraud, unauthorized access to protected computers, unauthorized damage to protected computers, access device fraud, and aggravated identity theft.

Starting in at least 2013, the two launched coordinated attacks on an aerospace company, a defense contractor, several American and foreign universities, a think tank based in Washington, D.C., foreign governments, a foreign policy organization, non-governmental organizations (NGOs), and non-profits.

Many of the attacks were allegedly conducted in the interest of the Iranian government, targeting highly protected and extremely sensitive data related to national security communications, foreign policy, aerospace, financial and personally identifiable information, non-military nuclear data, intellectual property, and human rights activists.

Victims were selected after extensive online reconnaissance, with the information gathered at this stage often used in later phases to identify the soft spots of victim networks. Vulnerability-scanning tools were employed to identify security weaknesses.

A broad range of tools and methods were used to compromise and maintain access to victim networks, including session hijacking, SQL injection, and malware. Keyloggers and remote access Trojans were leveraged for persistence on the networks.

The defendants also created a botnet to spread malware, launch DDoS attacks, and send out spam. They also established automated forwarding rules to have new outgoing and incoming emails automatically sent to attacker-controlled accounts.

“Using these methods, the defendants stole hundreds of terabytes of data, including confidential victim work product and intellectual property, and personal identifying information, such as access credentials, names, addresses, phone numbers, Social Security numbers, and birthdates. The defendants marketed stolen data on the black market,” the DoJ says.

The defendants are also charged with defacing websites with political and other ideological content “for apparent purpose of projecting Iranian influence and threatening perceived enemies of Iran.”

Related: U.S. Charges Hackers for Defacing Sites in Response to Killing of Qasem Soleimani

Related: CISA Shares Details on Web Shells Employed by Iranian Hackers

Related: Iranian Hackers Target Critical Vulnerability in F5’s BIG-IP

Related: U.S. Charges Alleged Hackers of Chinese APT41 Group for Attacks on 100 Firms

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...


The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.


Iranian APT Moses Staff is leaking data stolen from Saudi Arabia government ministries under the recently created Abraham's Ax persona