The alleged victim organizations ranged from a domestic violence shelter in Pennsylvania, a power company in Mississippi and a municipality in Union County, New Jersey, according to charges brought in a federal court in New Jersey.
The indictment does not accuse the Iranians of carrying out those particular hacks on behalf of the Iranian government. However, in sanctioning the three Iranian men on Wednesday, the Treasury Department accused them of working for IT firms that are affiliated with the Iranian Revolutionary Guard Corps (IRGC).
In some cases, the Iranian hackers demanded hundreds of thousands of dollars in ransom payments to unlock computers, a senior Justice Department official told reporters Wednesday.
Iran’s Permanent Mission to the United Nations did not immediately respond to a request for comment on the Justice Department allegations.
The White House condemned Tehran for the initial hack in July and said US officials have been on the ground in Albania helping with the recovery. Iran denied the allegations.
The newly indicted Iranians — Mansour Ahmadi, Ahmad Khatib Aghda and Amir Hossein Nickaein Ravari — are believed to reside in Iran, according to the senior Justice Department official. The chances of the three Iranians being taken into US custody are slim unless they travel to a country with which the US has an extradition agreement.
As part of the Wednesday crackdown on alleged Iranian hacking, the Treasury Department sanctioned Ahmadi, Aghda and Ravari as well as seven other Iranians, and accused them of working for Iranian IT firms affiliated with the Islamic Revolutionary Guard Corps. The State Department offered as much as a $10 million reward for on Ahmadi, Aghda and Ravari.
The Treasury announcement accused the Iranian hackers of conducting a slew of ransomware attacks, including one on Boston Children’s Hospital in June 2021. FBI officials say they were able to thwart the hackers and no damage was done to patient care.
The Justice Department charges highlight the often blurred lines between the government and cybercriminal actors in countries such as Iran, according to some analysts.
“Recent announcements from US government agencies reinforce our understanding of the ecosystem of cyber operations in Iran, which is heavily reliant on third-party contractors for both the IRGC and the Ministry of Intelligence and Security,” said Saher Naumaan, principal threat intelligence analyst at BAE Systems, who tracks alleged Iranian hackers closely. “The companies are often front companies for the intelligence agencies, where the individuals are directly involved in operations or they can be on the periphery in support roles such as training academies.”
This story has been updated with additional developments and context.
CNN’s Jennifer Hansler contributed reporting.