Immediately after revealing criminal charges against 5 Chinese and 2 Malaysian hackers, the United States government yesterday also made two separate announcements charging two Iranian and two Russian hackers and added them to the FBI's most-wanted list.
The two Russian nationals—Danil Potekhin and Dmitrii Karasavidi—are accused of stealing $16.8 million worth of cryptocurrencies in a series of phishing attacks throughout 2017 and 2018.
"This tactic used a combination of phishing and spoofing to exploit Internet users' trust in known companies and organizations to fraudulently obtain their login credentials, including email addresses, password information, and other personal information," the DoJ said.
In addition to the criminal charges, the U.S. Department of the Treasury has also sanctioned both Russian hackers, freezing all their assets under U.S. jurisdiction and banning them from doing business with Americans.
"Karasavidi laundered the proceeds of the attacks into an account in his name. He attempted to conceal the nature and source of the funds by transferring them in a layered and sophisticated manner through multiple accounts and multiple virtual currency blockchains. Ultimately, the stolen virtual currency was traced to Karasavidi's account, and millions of dollars in virtual currency and U.S. dollars was seized in a forfeiture action by the United States Secret Service," the U.S. Department of the Treasury explained.
Whereas, both two Iranian nationals—Mehdi Farhadi and Hooman Heidarian—are allegedly involved in government-linked hacking operations and have stolen hundreds of terabytes of sensitive data from several targeted organizations.
According to an indictment unsealed by the Justice Department, since 2013, Iranian hackers have targeted several American and foreign universities, think tanks, defense contractors, aerospace companies, foreign policy organizations, NGOs, and foreign governments.
"In some instances, the defendants' [Iranian] hacks were politically motivated or at the behest of Iran, including instances where they obtained information regarding dissidents, human rights activists, and opposition leaders," the indictment says.
"In other instances, the defendants sold the hacked data and information on the black market for private financial gain."
After selecting their victims using online reconnaissance and publicly available data, the hackers run vulnerability scanning tools and other means to assess computer networks remotely.
"The defendants gained and maintained unauthorized access to victim networks using various tools, including session hijacking, SQL injection, and malicious programs."
"The defendants then used key-loggers and "remote access Trojans" to maintain access and monitor the actions of users of the victim networks."
All four hackers remain at large, likely in their respective countries, and have been charged with several counts of conspiracy to commit fraud, unauthorized access, wire fraud, identity theft, and related activity in connection with computers