WASHINGTON: The Justice Department said Wednesday that three Iranian citizens have been charged in the United States with ransomware attacks that targeted power companies, local governments and small businesses and nonprofits, including a domestic violence shelter.
The charges accuse the hacking suspects of targeting hundreds of entities in the US and around the world, including inside Britain, Australia, Iran, Russia and the US, encrypting and stealing data from victim networks, and threatening to release it publicly or leave it encrypted unless exorbitant ransom payments were made. In some cases, the victims made those payments, the department said.
But a separate US Treasury announcement of sanctions said the three were part of a larger hacking group tied to Iran’s powerful Islamic Revolutionary Guard Corps (IRGC), and the US State Department has offered a $10 million reward for information on them.
The indictment identified the three as Mansour Ahmadi, Ahmad Khatibi Aghda, and Amir Hossein Nikaeen Ravari.
It said that between October 2020 and August 2022, the men used known vulnerabilities in computer systems to attack multiple targets in the United States, stealing their data and demanding up to hundreds of thousands of dollars to have it returned.
Those included local governments, a shelter for victims of domestic violence, a children’s hospital in Boston, accounting firms and electricity generating companies.
The victims were not methodically chosen but were “targets of opportunity” whose computer systems were vulnerable to hacking, officials said.
“The indictment does not allege that these actors undertook these actions on behalf of the Government of Iran,” a senior Justice Department official told reporters.
The three “engaged in a pattern of hacking, cyber-theft, and extortion largely for personal gain,” FBI Director Chris Wray said in a separate statement.
But a concurrent announcement by the US Treasury said the three were part of a group of 10 Iranian hackers targeted with sanctions that was backed by the Revolutionary Guards.
“This IRGC-affiliated group is known to exploit software vulnerabilities in order to carry out their ransomware activities, as well as engage in unauthorized computer access, data exfiltration, and other malicious cyber activities,” the Treasury said.
Their actions align with those of known Iranian cyberattack operations which private cybersecurity groups have dubbed “APT35,” “Charming Kitten” and “Phosphorous,” Treasury added.
The Biden administration has tried to go after hackers who have held US targets essentially hostage, often sanctioned or sheltered by adversaries. The threat gained particular prominence in May 2021 when a Russia-based hacker group was accused of conducting a ransomware attack on Georgia-based Colonial Pipeline, which disrupted gas supplies along the East Coast.
Iran-based hackers have also been a focus over the last year, with the FBI last year thwarting a planned cyberattack on a children’s hospital in Boston that was to have been carried out by hackers sponsored by the Iranian government.
“The cyber threat facing our nation is growing more dangerous and complex every day,” FBI Director Christopher Wray said in a statement accompanying the indictment unsealed Wednesday. “Today’s announcement makes clear the threat is both local and global. It’s one we can’t ignore and it’s one we can’t fight on our own, either.”
the Treasury Department’s Office of Foreign Assets Control sanctioned 10 individuals and two entities affiliated with Iran’s Islamic Revolutionary Guard Corps who it says have been involved in malicious cyber activities, including ransomware. The Treasury Department identified the three defendants in the Justice Department case as employees of a technology firm it says is affiliated with the Revolutionary Guard.
John Hultquist, vice president for threat intelligence at the cybersecurity firm Mandiant, said his team has been tracking the Iranian actors for some time and assessed they are contractors for the Revolutionary Guard who have been moonlighting as criminal hackers.
The actions come amid an apparent stalemate in talks between the US and Iran over the possible revival of a 2015 nuclear deal. Israel and some US lawmakers of both parties are pushing the Biden administration to get tougher on Iran, calling the negotiations on Iran’s nuclear program a failure.
The three accused hackers are thought to be in Iran and have not been arrested, but the Justice Department official said the pending charges make it “functionally impossible” for them to leave the country.
(With AFP and AP)
3 Iranian citizens charged in broad hacking campaign in US
https://arab.news/6cucw
3 Iranian citizens charged in broad hacking campaign in US
- Mansour Ahmadi, Ahmad Khatibi and Amir Hossein Nikaein are citizens of Iran who own or are employed by private technology companies in the country
- Treasury Department also sanctioned 10 individuals and two entities affiliated with Iran’s Islamic Revolutionary Guard
Houthi missile strikes China-bound oil tanker in Red Sea
- The vessel and crew are safe and continuing to its next port of call: UKMTO
- The incident occurred 76 nautical miles (140 kilometers) off Yemen’s Hodeidah
AL-MUKALLA: Yemen’s Houthi militia launched an anti-ship ballistic missile into the Red Sea on Saturday morning, striking an oil tanker traveling from Russia to China, according to US Central Command, the latest in a series of Houthi maritime strikes.
CENTCOM said that at 1 a.m. on Saturday, a Houthi anti-ship ballistic missile struck a Panamanian-flagged, Greek-owned and operated oil tanker named M/T Wind, which had just visited Russia and was on its way to China, causing “flooding which resulted in the loss of propulsion and steering.”
Slamming the Houthis for attacking ships, the US military said: “The crew of M/T Wind was able to restore propulsion and steering, and no casualties were reported. M/T Wind resumed its course under its power. This continued malign and reckless behavior by the Iranian-backed Houthis threatens regional stability and endangers the lives of mariners across the Red Sea and Gulf of Aden.”
Earlier on Saturday, two UK naval agencies said that a ship sailing in the Red Sea suffered minor damage after being hit by an item thought to be a missile launched by Yemen’s Houthi militia from an area under their control.
The UK Maritime Trade Operations, which monitors ship attacks, said on Saturday morning that it received an alarm from a ship master about an “unknown object” striking the ship’s port quarter, 98 miles south of Hodeidah, inflicting minor damage.
“The vessel and crew are safe and continuing to its next port of call,” UKMTO said in its notice about the incident, encouraging ships in the Red Sea to exercise caution and report any incidents.
Hours earlier, the same UK maritime agency stated that the assault happened 76 nautical miles northwest of Hodeidah.
Ambrey, a UK security firm, also reported receiving information regarding a missile strike on a crude oil tanker traveling under the Panama flag, around 10 nautical miles southwest of Yemen’s government-controlled town of Mokha on the Red Sea, which resulted in a fire on the ship.
The Houthis did not claim responsibility for fresh ship strikes on Saturday, although they generally do so days after the attack.
Since November, the Houthis have seized a commercial ship, sunk another, and claimed to have fired hundreds of ballistic missiles at international commercial and naval ships in the Gulf of Aden, Bab Al-Mandab Strait, and Red Sea in what the Yemeni militia claims is support for the Palestinian people.
The Houthis claim that they solely strike Israel-linked ships and those traveling or transporting products to Israel in order to pressure the latter to cease its war in Gaza.
The US responded to the Houthi attacks by branding them as terrorists, forming a coalition of marine task forces to safeguard ships, and unleashing hundreds of strikes on Houthi sites in Yemen.
Local and international environmentalists have long warned that Houthi attacks on ships carrying fuel or other chemicals might lead to an environmental calamity near Yemen’s coast.
The early warning came in February when the Houthis launched a missile that seriously damaged the MV Rubymar, a Belize-flagged and Lebanese-operated ship carrying 22,000 tonnes of ammonium phosphate-sulfate NPS fertilizer and more than 200 tonnes of fuel while cruising in the Red Sea.
The Houthis have defied demands for de-escalation in the Red Sea and continue to organize massive rallies in regions under their control to express support for their campaign. On Friday, thousands of Houthi sympathizers took to the streets of Sanaa, Saada, and other cities under their control to show their support for the war on ships.
The Houthis shouted in unison, “We have no red line, and what’s coming is far worse,” as they raised the Palestinian and militia flags in Al-Sabeen Square on Friday, repeating their leader’s promise to intensify assaults on ships.
Meanwhile, a Yemeni government soldier was killed and another was injured on Saturday while fending off a Houthi attack on their position near the border between the provinces of Taiz and Lahj.
According to local media, the Houthis attacked the government’s Nation’s Shield Forces in the contested Hayfan district of Taiz province, attempting to capture control of additional territory.
The Houthis were forced to stop their attack after encountering tough resistance from government troops.
The attack occurred a day after the Nation’s Shield Forces sent dozens of armed vehicles and personnel to the same locations to boost their forces and repel Houthi attacks.
Israel war cabinet minister says to quit unless Gaza plan approved
- The Israeli army has been battling Hamas militants across the Gaza Strip for more than seven months
JERUSALEM: Israeli war cabinet minister Benny Gantz said Saturday he would resign from the body unless Prime Minister Benjamin Netanyahu approved a post-war plan for the Gaza Strip.
“The war cabinet must formulate and approve by June 8 an action plan that will lead to the realization of six strategic goals of national importance.. (or) we will be forced to resign from the government,” Gantz said, referring to his party, in a televised address directed at Netanyahu.
Gantz said the six goals included toppling Hamas, ensuring Israeli security control over the Palestinian territory and returning Israeli hostages.
“Along with maintaining Israeli security control, establish an American, European, Arab and Palestinian administration that will manage civilian affairs in the Gaza Strip and lay the foundation for a future alternative that is not Hamas or (Mahmud) Abbas,” he said, referring to the president of the Palestinian Authority.
He also urged the normalization of ties with Saudi Arabia “as part of an overall move that will create an alliance with the free world and the Arab world against Iran and its affiliates.”
Netanyahu responded to Gantz’s threat on Saturday by slamming the minister’s demands as “washed-up words whose meaning is clear: the end of the war and a defeat for Israel, the abandoning of most of the hostages, leaving Hamas intact and the establishment of a Palestinian state.”
The Israeli army has been battling Hamas militants across the Gaza Strip for more than seven months.
But broad splits have emerged in the Israeli war cabinet in recent days after Hamas fighters regrouped in northern Gaza, an area where Israel previously said the group had been neutralized.
Netanyahu came under personal attack from Defense Minister Yoav Gallant on Wednesday for failing to rule out an Israeli government in Gaza after the war.
The Gaza war broke out after Hamas’s attack on October 7 on southern Israel which resulted in the deaths of more than 1,170 people, mostly civilians, according to an AFP tally of Israeli official figures.
The militants also seized about 250 hostages, 124 of whom Israel estimates remain in Gaza, including 37 the military says are dead.
Israel’s military retaliation against Hamas has killed at least 35,386 people, mostly civilians, according to the Hamas-run Gaza’s health ministry, and an Israeli siege has brought dire food shortages and the threat of famine.
Iran to send experts to ally Venezuela to help with medical accelerators
- “Venezuela has a number of accelerators in its hospitals that have been stopped due to the embargo,” the message said
CARACAS: Iran on Saturday said it will send experts to its ally Venezuela to help with medical accelerators in hospitals it said had been stopped due to Western sanctions.
Venezuela requested Iran’s help, according to a message on the social media platform X by the Iranian government attributed to the head of the Atomic Energy Organization of Iran.
“Venezuela has a number of accelerators in its hospitals that have been stopped due to the embargo,” the message said.
Medical accelerators are used in radiation treatments for cancer patients.
Venezuela is also an ally of Russia and China.
The return of US sanctions on Venezuela’s oil industry has made its alliance with Iran critical to keeping its lagging energy sector afloat. Washington last year temporarily relaxed sanctions on Venezuela’s promise to allow a competitive presidential election. The US now says only some conditions were met.
Three Syrians missing after cargo ship sinks off Romania
- Eight sailors were rescued by one of the nearby commercial vessels, while the search for the other three, “all of Syrian nationality,” was continuing, the statement said
BUCHAREST: Romanian rescue teams on Saturday were scouring the Black Sea for three Syrian sailors who went missing when their cargo ship sank off the coast, the naval authority said.
The Mohammed Z sank with 11 crew on board, 26 nautical miles off the Romanian town of Sfantu Gheorghe in the Danube delta in the Black Sea on Saturday morning, officials said in a statement.
The ship sailing under the Tanzanian flag was carrying nine Syrian and two Egyptian nationals, it said.
After receiving an alert at “around 4:00am,” naval authorities and border police were dispatched, with two nearby commercial vessels also joining the search and rescue operation.
Eight sailors were rescued by one of the nearby commercial vessels, while the search for the other three, “all of Syrian nationality,” was continuing, the statement said.
The cause of the accident was unclear.
According to the specialist website Marine Traffic, the ship departed from the Turkish port of Mersin and was heading to the Romanian port of Sulina.
Since the start of Russia’s war in Ukraine, drifting sea mines have posed a constant threat for ships in the Black Sea, with countries bordering it doubling down on demining efforts.
Ensuring safe passage through the Black Sea has gained particular importance since Romania’s Danube ports became hubs for the transit of grain following the Russian blockade of Ukraine’s ports.
Iraq parliament fails to elect a speaker
- A coalition of three Sunni blocs backed Issawi, while Mashhadani, who served as Iraq’s first speaker following the adoption of the 2005 constitution, received the support of the former speaker Mohamed Al-Halbussi’s sizeable bloc
BAGHDAD: Iraq’s lawmakers failed to elect a speaker on Saturday as neither of the two main candidates secured a majority during a tense session of parliament.
It is the latest in a series of failed attempts to replace the former head of parliament who was dismissed in November, with political bickering and divisions between key Sunni parties derailing every attempt so far.
Saturday’s vote was the closest yet to selecting a new head of the 329-member parliament, with 311 lawmakers showing up for the session and the leading candidate falling just seven votes short.
The parliament’s media office announced that 137 lawmakers chose Mahmoud Al-Mashhadani, the oldest MP, while 158 picked Salem Al-Issawi.
However, candidates require at least 165 votes to win.
Many lawmakers did not return for a second attempt on Saturday, with local media sharing videos of a brief brawl between MPs and reporting that at least one of them was injured.
The parliament’s media office then announced that the session had been adjourned.
Iraq, a mosaic of different ethnic and religious groups, is governed by complex power-sharing arrangements.
The largely ceremonial role of president traditionally goes to a Kurd, that of prime minister to a Shiite, while the speaker of parliament is usually Sunni.
But parliament is dominated by a coalition of pro-Iran Shiite parties, reflecting the country’s largest religious group.
A coalition of three Sunni blocs backed Issawi, while Mashhadani, who served as Iraq’s first speaker following the adoption of the 2005 constitution, received the support of the former speaker Mohamed Al-Halbussi’s sizeable bloc.
The new speaker will replace Halbussi, the influential politician dismissed by Iraq’s top court in November last year after a lawmaker accused him of forging a resignation letter.
Halbussi had been the country’s highest-ranking Sunni official since he first became a speaker in 2018.
The new speaker’s stint will not last long with the general election due in 2025.
