Iran Slams US Sanctions Following Cyber-Theft

Iran Slams US Sanctions Following Cyber-Theft

Iran has hit back at US sanctions levied in response to alleged attacks on hundreds of global universities and a media company for financial gain.

The Mabna Institute is said to have stolen 31TB of IP and other valuable data from over 300 educational institutions in the US, UK, Germany, Japan, Israel and elsewhere.

The US government claimed on Friday that the Iranian military effectively outsourced the hacking work to the Institute in order to help domestic universities and research organizations gain access to non-Iranian scientific resources.

“Iran is engaged in an ongoing campaign of malicious cyber activity against the United States and our allies. The IRGC outsourced cyber intrusions to The Mabna Institute, a hacker network that infiltrated hundreds of universities to steal sensitive data,” said US Treasury under secretary Sigal Mandelker.

The two founders of the Institute were among the 10 people indicted, meaning they could face extradition to the US if they travel outside of Iran and their assets are subject to seizure by the US authorities. The Institute itself was also placed under sanctions.

Tehran’s foreign ministry spokesperson, Bahram Quassemi, condemned the sanctions as provocative and illegal, according to the BBC.

“The US will definitely not benefit from the sanctions gimmick, aimed at stopping or preventing the scientific growth of the Iranian people” he said in a statement.

Nick Bilogorskiy, cybersecurity strategist at Juniper Networks, claimed the naming and shaming of the individuals continues a trend of state-sponsored attack attribution.

“By applying sanctions quickly against the Iranian hacker network involved in this incident, the United States is signalling that any cyber-attack against the country will have consequences,” he added.

“It is another recent example of the US both calling out malicious state-sponsored cyber behavior and taking action against it. However, the sanctions applied by the US Treasury Department will have very limited effect on people without US-based assets or bank accounts.”

Source: Information Security Magazine