The Justice Department on Friday unsealed criminal indictments against nine Iranians, charging them with conducting a massive cyber-theft campaign against hundreds of American and foreign universities, more than two dozen companies, and other victims.
Justice Department officials called it the largest state-sponsored hacking campaign the U.S. government has ever prosecuted.
Recent Stories in National Security
The nine defendants, who prosecutors say worked at the behest of the Iranian government and the Islamic Revolutionary Guard Corps, are accused of stealing more than 31 terabytes of documents and data from more than 140 U.S. universities, 30 U.S. companies, five government agencies, and more than 176 universities in 21 foreign countries.
The FBI released photos of the nine defendants, who are still at large overseas. While there is no expectation that the Iranian government will hand over the defendants, they are now fugitives of U.S. law and will no longer be free to travel outside Iran without risk of arrest, said Justice Department officials.
"Today, not only are we publicly identifying the foreign hackers who committed these malicious cyber intrusions, but we are sending a powerful message to their backers, the Government of the Islamic Republic of Iran: Your acts do not go unnoticed," FBI Director Christopher Wray said in a statement.
"We will protect our innovation, ideas, and information, and we will use every tool in our toolbox to expose those who commit these cybercrimes," he said. "Our memory is long; we will hold them accountable under the law, not matter where they attempt to hide."
Deputy Attorney General Rod Rosenstein said the case will disrupt the defendants' hacking operations and deter similar crimes.
"The Department of Justice will aggressively investigate and prosecute hostile actors who attempt to profit from America's ideas by infiltrating our computer systems and stealing intellectual property," he said.
According to the indictments, the defendants were affiliated with Iran's Mabna Institute, an Iran-based company that, since at least 2013, has helped Iranian universities and research organizations hack into and steal scientific resources from foreign countries and institutions.
The Mabna Institute employed hackers-for-hire and other contract personnel to conduct intrusions and steal academic data, intellectual property, and email inboxes through spear-phishing and other hacking tactics.
These hackers targeted more than 100,000 email accounts of professors around the world, the DOJ said, successfully compromising 8,000 professor email accounts across more than 325 universities including the U.S., Australia, Canada, China, Denmark, Finland, Germany, Ireland, Israel, Italy, Japan, Malaysia, Netherlands, Norway, Poland, Singapore, South Korea, Spain, Sweden, Switzerland, Turkey, and the United Kingdom.
Agencies targeted include the Labor Department and Federal Energy Regulatory Commission. The United Nations, the U.N. Children's Fund, and the states of Hawaii and Indiana were also among entities targeted.
The campaign started in 2013, continued through at least December 2017, and broadly sought all types of academic data and intellectual property.
The defendants then sold some of the data through two websites, Megapaper.ir and Gigapaper.ir, to customers in Iran, including to Iran-based public universities and institutions.
The Treasury Department's Office of Foreign Assets Control on Friday also slapped sanctions on the Mabna Institute and the nine defendants.