The Department of Justice on Wednesday unsealed an August indictment of three Iranian nationals who officials said are behind an international ransomware conspiracy that has targeted hundreds of corporate and government victims around the world for at least two years, CNBC reported.
The three men allegedly defrauded a township in New Jersey, a county in Wyoming, a regional electric power company in Mississippi and another in Indiana, a public housing authority in Washington state and a statewide bar association in an unnamed state.
DOJ officials said they believed the number of victims in the US alone reached well into the hundreds, with even more likely to be identified in the future.
The defendants were identified as Mansour Ahmadi, Ahmad Khatibi Aghda and Amir Hossein Nickaein Ravari, and they are believed to be living in Iran.
None of them has been arrested, and officials admitted that US law enforcement has few options available to detain them in person, according to CNBC.
The three individuals carried out the alleged cyberattacks for their personal gain, and not under the direction of the Iranian government, DOJ officials said.
But it soon became clear that the relationship between Iran's government and the three alleged cyber criminals was more complicated than it had initially appeared.
Several hours after the Justice Department unsealed the indictments, the Treasury Department announced new sanctions against 10 Iranian nationals and two Iranian tech companies.
Ahmadi, Aghda and Ravari were among those sanctioned, and the two sanctioned tech companies are where the defendants work.
Treasury officials described all 10 of the sanctioned individuals as "affiliated with Iran's Islamic Revolutionary Guard Corps."
Iran has been blamed for a host of cyberattacks around the world in recent years, including two recent attacks that targeted Albanian systems.
Last week, Albania announced that it had severed diplomatic ties with Iran and expelled the country’s embassy staff after it blamed Iran for a July 15 cyberattack that targeted its government websites. Days later, Albania’s Interior Ministry said that one of its border systems was hit by a second cyberattack that came from the same Iranian source as the earlier attack.
Iran has rejected Albania’s accusation that it was behind the first cyberattack as "baseless" and called Albania's decision to sever diplomatic ties "an ill-considered and short-sighted action".
Iran has also been linked to cyberattacks in Israel, including last December, when Israeli company Check Point identified no fewer than seven Iranian attacks on government ministries and large companies in Israel.