US authorities have charged nine Iranian hackers with cyber-attacks against 144 US universities, 176 universities in 21 foreign countries, and 47 US and foreign companies active in various private sectors.
The nine Iranians acted as a group, and US officials said they were "hackers-for-hire or affiliates of the Mabna Institute, an Iran-based company that, since at least 2013, conducted a coordinated campaign of cyber intrusions," at the behest of Iran's Islamic Revolutionary Guard Corps (IRGC), one of the country's intelligence agencies.
Officials said the group targeted the email accounts of more than 100,000 professors from all over the world, and appears to have successfully compromised 8,000 email accounts belonging to professors at US universities.
Hackers then used access to these accounts to search internal networks for data, which they exfiltrated back to Iran. Some of the stolen data and login credentials for the hacked institutions ended up for sale on Megapaper.ir (Megapaper) and Gigapaper.ir (Gigapaper), two websites operated by a company controlled by one of the nine suspects.
The Mabna hackers, as some officials called them in a press conference today, were responsible for the theft of "more than 31.5 terabytes of academic data and intellectual property from universities, and email accounts of employees at private sector companies, government agencies, and non-governmental organizations."
Investigators estimated the value of the stolen intellectual property at around $3.4 billion.
Answering questions from the press during a joint press conference, US officials declined to say if any of the stolen intellectual property has ended up in the hands of the Iranian government, academics, or other entities.
The US Treasury Department has blocked any assets associated with the nine hackers and forbidden any US citizen or entity from engaging in business dealings with them.