WASHINGTON: The Justice Department said Wednesday that three Iranian citizens have been charged in the United States with ransomware attacks that targeted power companies, local governments and small businesses and nonprofits, including a domestic violence shelter.
The charges accuse the hacking suspects of targeting hundreds of entities in the US and around the world, including inside Britain, Australia, Iran, Russia and the US, encrypting and stealing data from victim networks, and threatening to release it publicly or leave it encrypted unless exorbitant ransom payments were made. In some cases, the victims made those payments, the department said.
But a separate US Treasury announcement of sanctions said the three were part of a larger hacking group tied to Iran’s powerful Islamic Revolutionary Guard Corps (IRGC), and the US State Department has offered a $10 million reward for information on them.
The indictment identified the three as Mansour Ahmadi, Ahmad Khatibi Aghda, and Amir Hossein Nikaeen Ravari.
It said that between October 2020 and August 2022, the men used known vulnerabilities in computer systems to attack multiple targets in the United States, stealing their data and demanding up to hundreds of thousands of dollars to have it returned.
Those included local governments, a shelter for victims of domestic violence, a children’s hospital in Boston, accounting firms and electricity generating companies.
The victims were not methodically chosen but were “targets of opportunity” whose computer systems were vulnerable to hacking, officials said.
“The indictment does not allege that these actors undertook these actions on behalf of the Government of Iran,” a senior Justice Department official told reporters.
The three “engaged in a pattern of hacking, cyber-theft, and extortion largely for personal gain,” FBI Director Chris Wray said in a separate statement.
But a concurrent announcement by the US Treasury said the three were part of a group of 10 Iranian hackers targeted with sanctions that was backed by the Revolutionary Guards.
“This IRGC-affiliated group is known to exploit software vulnerabilities in order to carry out their ransomware activities, as well as engage in unauthorized computer access, data exfiltration, and other malicious cyber activities,” the Treasury said.
Their actions align with those of known Iranian cyberattack operations which private cybersecurity groups have dubbed “APT35,” “Charming Kitten” and “Phosphorous,” Treasury added.
The Biden administration has tried to go after hackers who have held US targets essentially hostage, often sanctioned or sheltered by adversaries. The threat gained particular prominence in May 2021 when a Russia-based hacker group was accused of conducting a ransomware attack on Georgia-based Colonial Pipeline, which disrupted gas supplies along the East Coast.
Iran-based hackers have also been a focus over the last year, with the FBI last year thwarting a planned cyberattack on a children’s hospital in Boston that was to have been carried out by hackers sponsored by the Iranian government.
“The cyber threat facing our nation is growing more dangerous and complex every day,” FBI Director Christopher Wray said in a statement accompanying the indictment unsealed Wednesday. “Today’s announcement makes clear the threat is both local and global. It’s one we can’t ignore and it’s one we can’t fight on our own, either.”
the Treasury Department’s Office of Foreign Assets Control sanctioned 10 individuals and two entities affiliated with Iran’s Islamic Revolutionary Guard Corps who it says have been involved in malicious cyber activities, including ransomware. The Treasury Department identified the three defendants in the Justice Department case as employees of a technology firm it says is affiliated with the Revolutionary Guard.
John Hultquist, vice president for threat intelligence at the cybersecurity firm Mandiant, said his team has been tracking the Iranian actors for some time and assessed they are contractors for the Revolutionary Guard who have been moonlighting as criminal hackers.
The actions come amid an apparent stalemate in talks between the US and Iran over the possible revival of a 2015 nuclear deal. Israel and some US lawmakers of both parties are pushing the Biden administration to get tougher on Iran, calling the negotiations on Iran’s nuclear program a failure.
The three accused hackers are thought to be in Iran and have not been arrested, but the Justice Department official said the pending charges make it “functionally impossible” for them to leave the country.
(With AFP and AP)
3 Iranian citizens charged in broad hacking campaign in US
https://arab.news/6cucw
3 Iranian citizens charged in broad hacking campaign in US
- Mansour Ahmadi, Ahmad Khatibi and Amir Hossein Nikaein are citizens of Iran who own or are employed by private technology companies in the country
- Treasury Department also sanctioned 10 individuals and two entities affiliated with Iran’s Islamic Revolutionary Guard
Israeli army ‘boards’ Freedom Flotilla Coalition’s Gaza-bound ship, group says
- Operated by the pro-Palestinian Freedom Flotilla Coalition, the British-flagged Madleen boat is currently off the Egyptian coast, heading slowly toward the Gaza Strip, which is besieged by Israel
CAIRO: The Freedom Flotilla Coalition said early on Monday that the Israeli military had “boarded” the Gaza-bound charity ship the Madleen.
Connections have been lost on the ship, the coalition added in a post on Telegram.
The Israeli navy is communicating with the Freedom Flotilla Coalition's Gaza-bound charity ship, the Madleen, instructing it to change its course as it approaches a restricted area, the Israeli foreign ministry said early on Monday.
The ministry referred to the ship as "selfie yacht" in a post on X.
Israeli hostages highlighted at Boulder Jewish Festival after attack on group urging their release
- Demonstrators handed out stickers stamped with “611,” representing the 611 days since the first Israeli hostages were taken by Hamas militants
BOULDER, Colorado: For the 611 days since Omri Miran was taken hostage by Hamas, his family has lived in fear, his brother-in-law told those gathered at the Boulder Jewish Festival on Sunday, one week after a man firebombed a group calling for the release of Israeli hostages at the mall where Moshe Lavi now spoke.
“We received only partial, limited and at times horrifying proof of life,” Lavi said to a hushed crowd. “We don’t know how much he’s suffering, deprived of food, water, sunlight, tortured, abused, as I speak to you now.”
For its 30th year, the Jewish cultural festival centered on the stories of Israeli hostages after authorities said man who yelled “Free Palestine” threw Molotov cocktails at Boulder demonstrators calling for their release. Festival organizers said they reimagined it to focus on healing and center the group’s cause — raising awareness of the 55 people believed to still be in captivity in Gaza.
Authorities said 15 people and a dog were victims of the attack at the Pearl Street pedestrian mall. They include eight women and seven men, ranging in age from 25 to 88. One is a Holocaust survivor.
Not all were physically injured, and some are considered victims for the legal case because they were present and could potentially have been hurt.
Run for Their Lives, the group targeted in the attack, started in October 2023 after Hamas militants from the Gaza Strip stormed into Israel, killing 1,200 people and taking 250 others hostage. The Boulder chapter, one of 230 worldwide, walks at the mall every weekend for 18 minutes, the numerical value of the Hebrew word “chai,” which means “life.”
Several hundred people joined the Sunday walk that typically draws only a couple dozen. Colorado Sen. John Hickenlooper was among the participants. Demonstrators handed out stickers stamped with “611,” representing the 611 days since the first Israeli hostages were taken by Hamas militants.
On a stage near the site of the attack, hundreds gathered to listen to speakers and songs. Vendors sold traditional Jewish and Israeli cuisine. In tents marked “Hostage Square,” rows of chairs sat empty save for photos of the hostages and the exhortation “Bring them home now!”
Lavi thanked local demonstrators for their bravery in advocating for his family. He described Miran as a gentle and loving gardener, husband and father to two young children.
Merav Tsubely, an Israeli-American who came to the festival from a city north of Boulder, watched as hostages’ families thanked those gathered in recorded video messages. One of Miran’s children appeared on screen and said in Hebrew, “When daddy comes back from Gaza, he’ll take me to kindergarten.”
“Just seeing them speaking to us, here, with all they’re going through, their supporting us is kind of mind blowing,” Tsubely said, her eyes welling. “It just reminds us how connected we all are.”
Mohamed Sabry Soliman, 45, was charged for the attack Thursday in Colorado state court with 118 counts, including attempted murder, assault, illegal use of explosives and animal cruelty. He was also charged with a hate crime in federal court.
Soliman, an Egyptian national who federal authorities say was living in the US illegally, told police he was driven by a desire “to kill all Zionist people,” a reference to the movement to establish and sustain a Jewish state in Israel.
The violence in downtown Boulder unfolded against the backdrop of the Israel-Hamas war, which continues to inflame global tensions and has contributed to a spike in antisemitism in the US It also came at the start of the holiday of Shavuot, which commemorates God giving the Torah to the Jewish people at Mount Sinai in Egypt.
US immigration officials took Soliman’s wife and five children, who also are Egyptian, into custody Tuesday. They have not been charged in the attack. A federal judge on Wednesday granted a request to block their deportation.
The Boulder Police Department and the FBI coordinated to provide increased security at the festival as well as local synagogues and the Boulder Jewish Community Center. Officers guarded the event’s entrances, and police Chief Stephen Redfearn said some plainclothes officers would be present in the crowd. On a rooftop near the stage, three held rifles and used binoculars to monitor the crowd as drones buzzed overhead.
Matan Gold-Edelstein’s father was present last weekend and helped douse the fire that burned an older woman. Gold-Edelstein, a 19-year-old college student, said the well-attended festival was a great show of humanity, regardless of religion or politics.
“We’re not here to be in support of a war,” he said. “We’re here in support of our religion, in support of our people and in support of the innocent people who are still being held hostage.”
Israel reveals tunnel under Gaza hospital, says body of Sinwar’s brother found there
- Hamas leaders Sinwar, Shabana found dead in tunnel after an Israeli strike
- Weapons and documents also found in tunnel
KHAN YOUNIS: The Israeli army said on Sunday it had retrieved the body of Hamas’ military chief, Mohammed Sinwar, in an underground tunnel beneath a hospital in southern Gaza, following a targeted operation last month.
Another senior Hamas leader, Mohammad Shabana, commander of the Rafah Brigade, was also found dead at the scene along with a number of other militants, who are still being identified, said IDF spokesperson, Brig. Gen. Effie Defrin.
Israeli forces gave a small group of foreign reporters a tour of the tunnel that had been uncovered beneath the European Hospital in Khan Younis, which Defrin said was a major command and control compound for Hamas.
“This is another example of the cynical use by Hamas, using civilians as human shields, using civilian infrastructure, hospitals, again and again,” said Defrin.
“We found underneath the hospital, right under the emergency room, a compound of a few rooms. In one of them we found, we killed Mohammed Sinwar,” he said.
Israeli Prime Minister Benjamin Netanyahu announced Sinwar’s death last month, but Defrin said they now had his DNA which proved beyond doubt it was him.
Hamas has not commented on reports of the death of either Sinwar or Shabana.
Sinwar was the younger brother of Yahya Sinwar, the Palestinian militant group’s deceased leader and mastermind of the October 2023 attack on Israel that killed 1,200 people according to Israeli tallies, and which triggered the Israeli invasion of Gaza.
Shabana was one of Hamas’s most senior and battle-hardened commanders in southern Gaza. He played a central role in constructing the network of tunnels under the southern city of Rafah, which were used for ambushes and cross-border raids.
The drive to Khan Younis in Israeli military vehicles showed widespread devastation, with countless buildings lying in ruins, and piles of rubble collected at the roadside.
The Israeli military has raided or besieged numerous hospitals during the war, alleging that Hamas uses them to conceal fighters and orchestrate operations — a charge Hamas has repeatedly denied. While Israel has presented evidence in certain cases, some of its assertions remain unverified.
Defrin said the army had carefully planned the strike near the European Hospital in order not to damage it.
A large trench dug in front of the Emergency Room entrance led down to a hole in the claustrophobic, concrete tunnel, which was used as a hideaway by Hamas fighters, the army said.
During the search of the site, Israeli forces recovered weapon stockpiles, ammunition, cash and documents that are now being reviewed for intelligence value.
“We will dismantle Hamas because we cannot live with this terror organization right in our backyard, right across our border,” Defrin said.
More than 54,000 Palestinians have died during the ongoing Israeli assault, according to Gaza health authorities. The UN has warned that most of Gaza’s 2.3 million population is at risk of famine.
Iranian authorities expand ban on dog walking
- Local authorities have periodically introduced bans on walking dogs in public spaces or carrying them in vehicles as part of a wider campaign to discourage their ownership
TEHRAN: Iranian authorities have expanded a ban on walking dogs in public to multiple cities nationwide, citing public health, social order and safety concerns, domestic media reported on Sunday.
The ban —which echoes a 2019 police directive that barred walking dogs in Tehran — was expanded to Ilam city in the west on Sunday, according to reports.
At least 17 other cities recently introduced similar bans, including Isfahan in the center and Kerman in the south.
Owning and walking dogs has been a contentious topic since the 1979 revolution in Iran, though there is no law outrightly banning dog ownership.
Many religious scholars, however, consider petting dogs or coming into contact with their saliva as "najis" or ritually impure, while some officials view them as a symbol of Western cultural influence.
Local authorities have periodically introduced bans on walking dogs in public spaces or carrying them in vehicles as part of a wider campaign to discourage their ownership.
Enforcing the restrictions has been largely inconsistent, as many owners continue to walk their dogs in Tehran and elsewhere across Iran.
On Sunday, the Etemad newspaper quoted an official from Ilam city as saying that "legal action will be taken against violators."
On Saturday, a state newspaper said the latest measures are aimed at "maintaining public order, ensuring safety and protecting public health."
"Dog walking is a threat to public health, peace and comfort," said Abbas Najafi, prosecutor of the western city of Hamedan, as quoted by Iran newspaper.
In 2021, some 75 lawmakers condemned pet ownership as a "destructive social problem," saying it could "gradually change the Iranian and Islamic way of life."
In 2017, Iran's supreme leader, Ali Khamenei, said that "keeping dogs for reasons other than herding, hunting, and guard dogs is considered reprehensible."
"If this practice resembles that of non-Muslims, promotes their culture, or causes harm and disturbance to neighbours, it is deemed forbidden," he added.
Israeli bulldozers flatten more Palestinian buildings in Tulkarm refugee camp
- Entire residential area reduced to rubble in recent days, residents say
- Israeli forces plan to destroy 58 structures in Tulkarm, 48 in Nur Shams
LONDON: Israeli forces have conducted demolitions for the third consecutive day in the Palestinian refugee camp of Tulkarm in the northern part of the West Bank, the site of military operations since January.
On Sunday, Israeli bulldozers resumed demolition of numerous residential buildings in the camp. The demolitions are part of the destruction plan of 58 structures in Tulkarm and 48 in the Nur Shams refugee camp.
More than 250 housing units and dozens of commercial establishments have been destroyed in both locations, according to Wafa news agency.
Residents say that an entire residential area in the Tulkarm camp has been reduced to rubble in recent days, with debris hindering access to surrounding buildings.
Israeli operations in Tulkarm for the past 133 days and in Nur Shams for the past 120 days have resulted in the deaths of 13 Palestinians and the displacement of almost 25,000 residents.
At least 400 homes have been destroyed and 2,573 damaged after Israeli forces sealed off roads and entrances with earth barriers and barred Palestinian residents from returning, the Wafa added.
