U.S. Academic Network Hacking, Iranians Indicted

IndraStra Global

U.S. Academic Network Hacking, Iranians Indicted

By IndraStra Global News Team

Image Attribute: U.S. Deputy Attorney General Rod Rosenstein speaks at a press conference at the Department of Justice on Friday announcing the indictment against nine Iranians. | Source: Reuters

Image Attribute: U.S. Deputy Attorney General Rod Rosenstein speaks at a press conference at the Department of Justice on Friday announcing the indictment against nine Iranians. | Source: Reuters

On March 23, 2018, the U.S. Treasury Department unveiled charges against nine Iranians along with sanctions against 10 individuals and the Mabna Institute, which it accused of "hacking" hundreds of universities on behalf of Iran's Islamic Revolutionary Guards Corps.

Wanted by the FBI
Ten Iranians were also hit with sanctions along with an Iranian company, the Mabna Institute, which engaged in computer hacking on behalf of Iran’s Revolutionary Guards, the US Treasury Department said.

The indictment alleges the Mabna Institute since 2013, targeted more than 100,000 professors worldwide and succeeded in compromising 8,000 of them, spread across 144 US-based universities and 176 foreign universities. They also targeted and compromised at least 36 U.S.-based private companies and at least 11 companies based in Germany, Italy, Switzerland, Sweden and the United Kingdom, prosecutors said.

And the indictment counts at least five government agencies, including the Labor Department, the Federal Energy Regulatory Commission, and the United Nations, among the victims of the hacking campaign.

Read the full indictment:


The Treasury Department's Office of Foreign Assets Control issued sanctions against the Iranians on Friday.

Geoffrey Berman, US Attorney for the Southern District of New York, said the Iranians conducted spearphishing attacks designed to steal passwords from email accounts in one of the "largest state-sponsored" hacking schemes ever uncovered. He said 31 terabytes — about 15 billion pages — of academic data and intellectual property were stolen.

"Iran condemns the United States' provocative, illegal, and unjustified actions, which are a major new sign of the hostility and animosity of U.S. leaders towards the Iranian people," Qasemi said in a statement on the ministry's website.

With reporting by AFP, AP, RFE/RL and CNBC

Advisory Note from IndraStra Global Editorial Team to the Academic Communities:


1.  DO NOT share your university's system (email network, laboratory network, library network) login credentials (IDs & Passwords) with anyone

2. DO NOT share any of your academic login credentials (single-sign-on) details related to your OpenAthens (IDs & Passwords) and Shibboleth (IDs & Passwords) accounts with anyone.

3. DO NOT share any of your academic social network login credentials (single-sign-on) details related to Academia.edu (IDs & Passwords) and ResearchGate (IDs & Passwords) accounts with anyone.

4. DO NOT share any of your scholar identification login credentials (ID & Password) associated with your ORCID and Thomson Reuters ResearcherID with anyone.

5. DO NOT link your generic Gmail, Linkedin and Facebook IDs to any of the above mentions networks through OAuth 2.0/3.0. In case, if you want to have the single-sign-on option, try to create a separate Gmail ID and link it up. But, kindly do not share the newly minted Gmail ID with anyone for the future outside communications. So, in case if you receive any solicitation email at the Gmail ID (which is only known to you), can easily provide you the necessary early-warnings as a "Red Flag". 

6. If you receive any unknown hyperlinks (in the body of the email) or mysterious MS Word Doc file (or any file as an attachment) in an email communication. Kindly, check the sender's name and signature details on public search engines (Google, Yahoo, AOL), and verify it as per your satisfaction. 

7. If someone or an unknown acquaintance wants to send a file to you as an attachment which needs to be downloaded at your end, Kindly ask the sender, to upload the necessary files in "Google Drive" and to send the download link back to you.