The Trump administration has slapped sanctions on an Iranian company and nine Iranians for hacking into American universities. A tenth person received sanctions after he hacked accounts belonging to HBO employees to steal data and unaired episodes of shows like Game of Thrones.

Officials said these individuals do not work for the regime, but did their work for the Iranian Revolutionary Guard Corps.

The Treasury Department wrote:

“Iran is engaged in an ongoing campaign of malicious cyber activity against the United States and our allies. The IRGC outsourced cyber intrusions to The Mabna Institute, a hacker network that infiltrated hundreds of universities to steal sensitive data,” said Treasury Under Secretary Sigal Mandelker. “We will not tolerate the theft of U.S. intellectual property, or intrusions into our research institutions and universities. Treasury will continue to systematically use our sanctions authorities to shine a light on the Iranian regime’s malicious cyber practices, and hold it accountable for criminal cyber-attacks.”

As a result of today’s action, all property and interests in property of the designated persons subject to U.S. jurisdiction are blocked, and U.S. persons are generally prohibited from engaging in transactions with them.

The nine people worked at the Mabna Institute, “founded in or about 2013 to assist Iranian universities and scientific and research organizations in obtaining access to non-Iranian scientific resources.” The department stated that the company “engaged in the theft of personal identifiers and economic resources for private financial gain.”

They targeted American and foreign universities:

The Mabna Institute conducted massive, coordinated cyber intrusions into computer systems belonging to at least approximately 144 United States-based universities, in addition to at least 176 universities located in 21 foreign countries: Australia, Canada, China, Denmark, Finland, Germany, Ireland, Israel, Italy, Japan, Malaysia, the Netherlands, Norway, Poland, Singapore, South Korea, Spain, Sweden, Switzerland, Turkey, and the United Kingdom. The exfiltrated data and stolen login credentials acquired through these malicious cyber-enabled activities were used for the benefit of Iran’s Islamic Revolutionary Guard Corps (IRGC), and were also sold within Iran through at least two websites. The stolen login credentials belonging to university professors were used to directly access online university library systems.

Today, OFAC is also designating nine Iran-based individuals who were leaders, contractors, associates, hackers for hire, and affiliates of the Mabna Institute for engaging in malicious cyber-enabled activities related to the significant misappropriation of economic resources or personal identifiers for private financial gain.

The hackers stole about “31 terabytes of data and intellectual property” and the IRGC received most of that information.

They would study their subject and “then using that information to send specialized emails to the targets that appeared to come from other university professors expressing interest in a recently published work, with links to other research that were actually links to malicious websites that would mimic the professor’s login page and steal his or her login information and use it to access their accounts.”

CNN described the hacks on private-sector and government as “less sophisticated” since the hackers allegedly used “password spraying.” This means the men “collected email addresses they could find on the internet and then simply tried common passwords on those accounts, stealing email inboxes if they managed to get in.”

Others affected include employees at the Department of Labor, Federal Energy Regulatory Commission, United Nations, United Nations Children’s Fund, and the state governments of Hawaii and Indiana.


Donations tax deductible
to the full extent allowed by law.