Foreign Economic Espionage in Cyberspace
the National Counterintelligence and Security Center
Iran: An Increasing Cyber Threat

Iran: An Increasing Cyber Threat

Iranian cyber activities are often focused on Middle Eastern adversaries, such as Saudi Arabia and Israel; however, in 2017 Iran also targeted U.S. networks. A subset of this Iranian cyber activity aggressively targeted U.S. technologies with high value to the Iranian government. The loss of sensitive information and technologies not only presents a significant threat to U.S. national security but also enables Tehran to develop advanced technologies to boost domestic economic growth, modernize its military forces, and increase its foreign sales. Examples of recent Iranian cyber activities include the following:

  • The Iranian hacker group Rocket Kitten consistently targets U.S. defense firms, likely enabling Tehran to improve its already robust missile and space programs with proprietary and sensitive U.S. military technology.
  • Iranian hackers target U.S. aerospace and civil aviation firms by using various website exploitation, spearphishing, credential harvesting, and social engineering techniques.
  • The OilRig hacker group, which historically focuses on Saudi Arabia, has increased its targeting of U.S. financial institutions and information technology companies.
  • The Iranian hacker group APT33 has targeted energy sector companies as part of Iran’s national priorities for improving its petrochemical production and technology.
  • Iranian hackers have targeted U.S. academic institutions, stealing valuable intellectual property and data.


=== Recent Unsealed U.S. Indictments with a Link to Iran ===

In July 2017, Iranian nationals Mohammed Reza Rezakhah and Mohammed Saeed Ajily were charged with hacking into U.S. software companies, stealing their proprietary software, and selling the stolen software to Iranian universities, military and government entities, and other buyers outside of the United States.

In November 2017, Iranian national Behzad Mesri was charged with allegedly hacking HBO’s corporate systems, stealing intellectual property and proprietary data, to include scripts and plot summaries for unaired episodes. Mesri had previously hacked computer systems for the Iranian military and has been a member of an Iran-based hacking group called the Turk Black Hat security team.

In March 2018, nine Iranian hackers associated with the Mabna Institute were charged with stealing intellectual property from more than 144 U.S. universities, which spent approximately $3.4 billion to procure and access the data. The data was stolen at the behest of Iran’s Islamic Revolutionary Guard Corps and used to benefit the government of Iran and other Iranian customers, including Iranian universities. Mabna Institute actors also targeted and compromised 36 U.S. businesses.

We believe that Iran will continue working to penetrate U.S. networks for economic or industrial espionage purposes. Iran’s economy—still driven heavily by petroleum revenue—will depend on growth in non-oil industries, and we expect Iran will continue to exploit cyberspace to gain advantages in these industries. Iran will remain committed to using its cyber capabilities to attain key economic goals, primarily by continuing to steal intellectual property, in an effort to narrow the science and technology gap between Iran and Western countries.