According to an update from the US Treasury Department, several Iranian citizens and their bitcoin addresses have been sanctioned. An official release mentions Ahmad Khatibi Aghada, Amir Hussein Nikeen and at least seven addresses under their control.
In an indictment filed in the US District Court of New Jersey, these individuals and Ahmadi Mansour are charged with conspiracy to commit fraud and related activity in connection with a computer, intentionally causing damage to a protected computer, and seeking monetary compensation in bitcoin.
The document, published today by the US Department of Justice (DoJ), claims that these hackers had been involved in illegal cyber activities since October 2020. Attacking from Iran, Nikeen and his co-conspirators reportedly took control of computers in the United States, the United Kingdom, Israel, Russia, and other countries.
The hackers allegedly used “known vulnerabilities in commonly used network devices and software applications” to conduct their exploits. In addition, they used Microsoft’s BitLocker to encrypt their victims’ computers and demanded payment in bitcoin before returning control.
In a Microsoft report published in early September, the big tech company acknowledged these attacks and linked a large part of them to the hacker group known as “Nemesis Kitten” and its Iranian chapter DEV-0270 or “PHOSPHORUS”. The report claimed that these “widespread” attacks are sponsored by the Iranian government.
The indictment does not mention any connection between the suspects and “Phosphorus”, but they were operating under a similar plan. The hacker group asked victims to pay up to $8,000 to release the computer; if a victim refused, they sold the stolen data over the Internet.
According to Microsoft, the use of BitLocker through malicious commands renders the victim’s computer unusable:
DEV-0270 has been observed using the setup.bat command to enable BitLocker encryption, rendering the hosts inactive.
Treasury bans bitcoin addresses, what are the implications?
The indictment claims that the Iranian hackers were allegedly able to affect small businesses, government agencies, non-profit programs, educational and religious institutions, and a number of critical infrastructure sectors such as hospital and transportation services.
The hackers often set up websites that imitated the naming formats of legitimate technology companies to lure victims. Once they gained access to a computer, the hackers provided an email address and demanded payment in bitcoin and other cryptocurrencies.
Authorities in the US were able to connect the hackers through their bitcoin addresses. Bad actors used the same addresses when demanding payment from their victims.
In the past, law enforcement agencies were able to track stolen funds and criminals through their BTC transactions. Given the transparent nature of the BTC network, some authorities believe that bitcoin could be a tool to discourage criminal activity.
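The address-reuse linkage described above can be sketched as follows. This is an added example, not code from the indictment, the DoJ or the Treasury; it handles only legacy Base58Check addresses (prefix 1 or 3), and the incident IDs, note texts and addresses are constructed.

```python
import hashlib
import re
from collections import defaultdict

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
CANDIDATE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(version: int, body: bytes) -> str:
    """Build an address string; used here only to construct sample data."""
    raw = bytes([version]) + body
    raw += _checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def is_valid_legacy_address(addr: str) -> bool:
    """Reject look-alike strings and transcription errors via the checksum."""
    n = 0
    for ch in addr:
        if ch not in B58:
            return False
        n = n * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and raw[0] in (0x00, 0x05) and _checksum(raw[:-4]) == raw[-4:]

def link_incidents(notes: dict) -> dict:
    """Map each valid address seen in two or more incidents to those incidents."""
    seen = defaultdict(set)
    for incident, text in notes.items():
        for cand in CANDIDATE.findall(text):
            if is_valid_legacy_address(cand):
                seen[cand].add(incident)
    return {a: sorted(i) for a, i in seen.items() if len(i) > 1}

# Constructed sample data: two synthetic wallets and one mistyped copy.
ADDR_A = b58check_encode(0x00, hashlib.sha256(b"constructed-wallet-A").digest()[:20])
ADDR_B = b58check_encode(0x00, hashlib.sha256(b"constructed-wallet-B").digest()[:20])
TYPO = ADDR_A[:-1] + ("2" if ADDR_A[-1] != "2" else "3")
NOTES = {
    "IR-001": f"Payment address: {ADDR_A}. Contact by email.",
    "IR-002": f"Payment address: {ADDR_B}",
    "IR-003": f"wallet {ADDR_A}",
    "IR-004": f"wallet {TYPO}",  # fails the checksum, so it is not linked
}
```

Validating the checksum before grouping keeps a mistyped or truncated address in one report from creating a false link between unrelated incidents.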
US Attorney Philip Salinger of New Jersey said the following on the matter:
By accusing them in this indictment, by publicly naming them, we are removing their anonymity. They can no longer operate anonymously from the shadows. We have highlighted them as wanted criminals.
US Treasury sanctions have been the subject of controversy in the crypto space. A few weeks ago, the institution sanctioned the Ethereum-based decentralized exchange Tornado Cash in an act that many experts considered “crossing a line.”
This was the first time that the institution sanctioned a neutral technology. Now, the Treasury has issued instructions for people to “safely” withdraw their funds from the exchange, acknowledging that some people were affected by interacting with addresses associated with Tornado Cash. What will happen to individuals interacting with the bitcoin addresses sanctioned today?