The Justice Department indicted two men on Tuesday for allegedly defacing dozens of U.S.-hosted websites in retaliation for the death of Iranian Gen. Qasem Soleimani in a U.S. strike earlier this year.
Iranian national Behzad Mohammadzadeh and Palestinian national Marwan Abusrour were indicted for working together to allegedly target and deface over 50 websites hosted in the U.S., including several linked to an unnamed Massachusetts company, with the defendants allegedly replacing the text of the websites with a picture of Soleimani and the Iranian flag along with the message “Down with America.”
Mohammadzadeh and Abusrour are alleged to have conspired together to target and hack vulnerable U.S. websites, and were linked to earlier ongoing attacks on websites around the world prior to the death of Soleimani.
The Justice Department noted that “co-conspirators known and unknown” were also involved, and that Mohammadzadeh and Abusrour are believed to be living in Iran and Palestine respectively, but are wanted by U.S. authorities.
The two men were charged with intentionally conspiring to commit damage to a protected computer and for damaging a protected computer, with the charges added together carrying a jail sentence of up to 15 years and a $500,000 fine.
“The hackers victimized innocent third parties in a campaign to retaliate for the military action that killed Soleimani, a man behind countless acts of terror against Americans and others that the Iranian regime opposed,” Assistant Attorney General for National Security John Demers said in a statement. “Their misguided, illegal actions in support of a rogue, destabilizing regime will come back to haunt them, as they are now fugitives from justice.”
Joseph Bonavolonta, the special agent in charge of the FBI’s Boston Division, said in a separate statement that the indictment “should send a powerful message that we will not hesitate to go after anyone who commits malicious cyber intrusions against innocent Americans in order to cause chaos, fear, and economic harm.”
While the specific websites targeted by the defendants were not named, the Texas Department of Agriculture and the Federal Depository Library Program were both hit by attacks during the week in early January the defendants were allegedly defacing websites. Both agency websites were defaced with pictures of Soleimani and text attributing the attack to Iranian hackers.
Concerns over Iranian retaliation in cyberspace for the death of Soleimani, one of the nation’s highest officials, spiked in January. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) put out a bulletin in January warning of the increased cyber threats from Iran.
“Iran maintains a robust cyber program and can execute cyber attacks against the United States,” CISA wrote in the bulletin. “Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.”