Cyber Brief: Iranian Cyber in America

The United States Department of Justice recently announced the indictment of nine Iranian citizens for actions related to cyber-enabled theft of research, data, and intellectual property, a constant threat to both public and private interests.  Iran itself has been a target of major foreign cyber intrusions – most notably the 2009-2010 Stuxnet attacks on its nuclear enrichment facilities – and its sophisticated capabilities in the cyber field have made it a growing worry for cyber defenders in the U.S. and elsewhere, as DNI Dan Coats wrote in the 2017 Worldwide Threat Assessment.  Today’s Cyber Brief includes the indictment and provides several documents from the Cyber Vault related to Iranian cyber threats.

New

United-States-District-Court-for-the-Southern

United States District Court for the Southern District of New York, “United States of America v. Gholamreza Rafatnejad, Ehsan Mohammadi, Abdollah Karima a/k/a Vahid Karima, Mostafa Sadeghi, Seyed Ali Mirkarimi, Mohammad Reza Sabahi, Roozbeh Sabahi, Abuzar Gohari Moqadam, and Sajjad Tahmasebi”, March 23 2018. Unclassified.
Source
The United States Attorney’s Office for the Southern District of New York

This indictment charges nine Iranian citizens related to the Mabna Institute for participating in a coordinated cyber campaign to steal more than 30 terabytes of academic data and intellectual property from private companies and hundreds of universities.

From the Vault

National Security Agency,"Topic: Iran – Current Topics, Interaction with GCHQ." January 8 2007. TOP SECRET/COMINT/NOFORN.

These talking points, prepared for the NSA director's meeting with the head of the United Kingdom's Government Communications Headquarters, includes a section devoted to Iranian cyber attacks on U.S. financial institutions and Saudi Aramco.

Frank J. Cilluffo, Director, Homeland Security Policy Institute, George Washington University, Statement to Subcommittee on Counterterrorism and Intelligence and Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies, "The Iranian Cyber Threat to the United States," April 26, 2012.

Ilan Berman, American Foreign Policy Council, Statement to Subcommittee on Counterterrorism and Intelligence and Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies, "The Iranian Cyber Threat to the U.S. Homeland," April 26, 2012. Unclassified.

Dan Lungren, Statement to Subcommittee on Counterterrorism and Intelligence and Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies, "Iranian Cyber Threat to the U.S. Homeland," April 26, 2012. Unclassified.

Pat Meehan, Statement to Subcommittee on Counterterrorism and Intelligence and Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies, "Iranian Cyber Threat to the U.S. Homeland," April 26, 2012. Unclassified.

Substantial attention has been devoted to Chinese cyberwarfare activities in the reports of private and government organizations as well as in Congressional hearings. While Iranian cyber activities were noted in the 2012 testimony of Director of National Intelligence James Clapper, who characterized them as "dramatically increasing in recent years in depth and complexity," they have received less attention that those of the People's Republic of China. These hearings, before a subcommittee of the House Committee on Homeland Security, involve assessments of the Iranian cyber threat by two Congressmen and representatives of two private organizations.

Office of Public Affairs, Department of Justice, "Seven Iranians Working for Islamic Revolutionary Guard Corps - Affiliated Entities Charged for Conducting Coordinated Campaign of Cyber Attacks Against U.S. Financial Sector," March 24, 2016. Unclassified.

This Justice Department press release announces the indictment of seven Iranians charged with engaging in hacking activities under the auspices of the Iran's Revolutionary Guard Corps. Those activities were alleged to be targeted against U.S. financial institutions as well as, in the case of one of the indicted, the supervisory control and data acquisition (SCADA) systems of an upstate New York dam.

United States District Court for the District of Vermont, "United States of America v. Mohammed Saeed Ajily and Mohammed Reza Rezakhah, Defendants, Superseding Indictment," Filed April 21, 2016. Unclassified.

This recently unsealed indictment charges two Iranian nationals with stealing software from an engineering company specializing in projectiles and aerodynamics analysis for resale to individuals related to Iranian universities, military, and government in direct violation of US sanctions and "defense article" licensing.

James R. Clapper, Marcel Lettre, Admiral Michael S. Rogers, Joint Statement for the Record to the Senate Armed Services Committee, "Foreign Cyber Threats to the United States," January 5, 2017. Unclassified.

In their joint statement, the DNI, Under Secretary Defense for Intelligence, and the Director of NSA/Commander, U.S. Cyber Command discuss a variety of consequences of cyber threats - physical, commercial, psychological consequences - as cyber policy, diplomacy, and warfare. In addition, the statement discusses a number of cyber threat actors - nation states (Russia, China, North Korea, Iran), terrorists, and criminals - and responses to cyber threats.

Federal Bureau of Investigation, Flash Alert: IP Addresses and Domains Used by Likely Iran-Based Cyber Actors to Attack Victims Worldwide, July 25 2017. Unclassified.

This flash alert warns that Iran-based cyber actors are using US private networks to launch attacks against rivals in the Middle East.