Hackers caused millions worth of damages to US banks

Mar 24, 2016 22:44 GMT  ·  By

The US Department of Justice has charged today seven Iranian nationals with conducting coordinated DDoS attacks on US enterprises, predominantly financial institutions, and hacking into the SCADA systems of a small New York dam.

The seven men charged by US Attorney General Loretta E. Lynch are Ahmad Fathi, Hamid Firoozi, Amin Shokohi, Sadegh Ahmadzadegan (a.k.a. Nitrojen26), Omid Ghaffarinia (a.k.a. PLuS), Sina Keissar, and Nader Saedi (a.k.a. Turk Server).

Iran's government hired two companies to DDoS US firms

US officials said that the first three were employees of the Iranian IT firm ITSecTeam, while the last four worked for a second Iranian firm, Mersad Company. Both firms were hired by Iran’s Islamic Revolutionary Guard Corps to conduct DDoS attacks on US companies.

The official indictment reveals that the group launched DDoS attacks against 46 major US companies on 176 different occasions, between December 2011 and May 2013. Officials say that most of the attacks intensified after September 2012.

ITSecTeam was responsible for most of the attacks. Fathi was the leader, supervising and coordinating the attacks; Firoozi managed the C&C servers; and Shokohi was tasked with building and managing the DDoS botnet. Shokohi's activity in the group was considered part of his military service.

The other team of hackers, at the Mersad Company, had a similar structure but was only tasked with launching DDoS attacks against companies in the financial sector.

One of the accused also hacked a New York dam

Mersad's leader was Ahmadzadegan, who was also part of the Sun Army and the Ashiyane Digital Security Team (ADST) hacking groups, which operated independently of Mersad. ADST claimed to have hacked NASA in February 2012.

In Mersad, Ahmadzadegan managed the group's botnet, Ghaffarinia wrote the malware that was spread to build the botnet, Keissar managed the servers, and Saedi scanned the Web for vulnerable servers on which their malware could be installed.

Outside these charges, the DOJ also accused Firoozi of hacking into the IT network of the Bowman Dam, in Rye, New York, between August 28, 2013, and September 18, 2013.

All of the accused are currently living in Iran.