US Department of Treasury and US Department of Justice
charge Iranians and Iranian research institute with theft of intellectual
property from universities throughout the world. The press release from the US Department of
Treasury names the Iranians.
Specifically, the press release states:
Today’s
action designates one Iranian entity and 10 Iranian
nationals pursuant to E.O. 13694, as amended, which targets malicious
cyber activities, including those related to the significant
misappropriation of funds or economic resources, trade secrets, personal
identifiers, or financial information for private financial gain.
The Mabna Institute is an Iran-based company
that engaged in the theft of personal identifiers and economic resources
for private financial gain. The organization was founded in or about
2013 to assist Iranian universities and scientific and research organizations
in obtaining access to non-Iranian scientific resources. The Mabna
Institute also contracted with Iranian governmental and private
entities to conduct hacking activities
on its behalf.
The Mabna Institute conducted massive,
coordinated cyber intrusions into computer systems belonging to at least
approximately 144 United States-based universities, in addition to at least 176
universities located in 21 foreign countries: Australia, Canada, China,
Denmark, Finland, Germany, Ireland, Israel, Italy, Japan, Malaysia, the
Netherlands, Norway, Poland, Singapore, South Korea, Spain, Sweden,
Switzerland, Turkey, and the United Kingdom.
The exfiltrated data and stolen login credentials acquired
through these malicious cyber-enabled activities were used for
the benefit of Iran’s Islamic Revolutionary Guard
Corps (IRGC), and were also sold within Iran through at least
two websites. The stolen login credentials belonging to university
professors were used to directly access online university library
systems.
Today, OFAC is also designating
nine Iran-based individuals who were leaders, contractors,
associates, hackers for hire, and affiliates of the Mabna Institute for
engaging in malicious cyber-enabled activities related to the significant
misappropriation of economic resources or personal identifiers for
private financial gain.
According to a Reuters article, this type of action was
relatively rare under the Obama Administration.
No comments:
Post a Comment