US imposes sanctions on Iranian hackers for stealing research data

The US has imposed sanctions on an Iranian company and 10 individuals who took part in a government-sponsored hacking scheme that pilfered sensitive information from hundreds of universities, private companies and government agencies. The Department of Justice has charged nine Revolutionary Guard-linked hackers associated with the Mabna Institute with stealing sensitive information from at least 320 institutions, including those of Israel, private companies and government agencies. A “password spraying” attack gave the Mabna group access to 31 terabytes of “valuable intellectual property and data”.

Nine of the 10 individuals have been indicted separately for related crimes.

The hacking campaign was central to a line of business at Mabna Institute, which acts as a sort of pirated JSTOR for the Iranian academic and research community. An FBI spokesman said Mabna Institute was “created in 2013 for the express purpose of illegally gaining access to non-Iranian scientific resources through computer intrusions.” In that capacity, DOJ attorneys claimed, “The Mabna Institute contracted with Iranian governmental and private entities to conduct hacking activities on their behalf.” The stolen data was largely acquired from universities, but academic journal publishers, tech companies, other private companies, government organisations and the United Nations were targeted as well.

In addition to acquiring research that the US and other countries banned access to in Iran and providing it to the Islamic Revolutionary Guard Corps, the principals of Mabna also sold both stolen research documents and access to hacked organizations' online libraries through and—websites controlled by Abdollah Karima, one of the principals of Mabna Institute. Over a four-year period, Mabna Institute is alleged to have gained access to computers at more than 300 universities—roughly half of them in the United States—while gathering up a total of 31.5 terabytes of research data. Additionally, about 7,996 university accounts were compromised—about 3,768 of them at US universities.