An Iranian national pleaded guilty to participating in the high-profile 2019 Baltimore, Maryland, ransomware attack, among others, and to causing tens of millions of dollars in losses and disrupted services, the Department of Justice said on Tuesday.
Sina Gholinejad, 37, faces a maximum sentence of 30 years in prison after he pleaded guilty to one count of computer fraud and abuse and one count of conspiracy to commit wire fraud, according to the DOJ.
The DOJ statement and publicly available court records did not allege a state-backed connection in this case, but U.S. authorities in recent years have warned of Iranian government hacking groups targeting U.S. critical infrastructure and private-sector entities.
Iranian-linked hackers have also targeted U.S. critical infrastructure under the guise of ostensibly independent personas, such as the November 2023 defacement of water treatment equipment in Aliquippa, Pennsylvania, by a group called Cyber Av3ngers. The U.S. government later tied the group to the Iranian Islamic Revolutionary Guard Corps. Iran has denied targeting entities in the U.S. with cyberattacks.
Gholinejad was arrested January 10, 2025, at the Raleigh-Durham International Airport, according to federal court records.
The circumstances of his arrest were not immediately clear. The assistant federal public defender assigned to his case declined to comment.
Gholinejad and unnamed co-conspirators were behind a string of ransomware attacks using the Robbinhood ransomware variant dating to January 2019 through March 2024, according to an April 2024 indictment unsealed on Tuesday.
Additional victims include computer networks in the cities of Gresham, Oregon; Yonkers, New York; and Greenville, North Carolina, along with the Glenn-Colusa Irrigation District in California and the nonprofit Berkshire Farm Center and Services for Youth, based in New York.
The attack on Baltimore, beginning on May 7, 2019, cost the city more than $19 million from damage to computer networks and disruptions to city services including the processing of property taxes, water bills, parking citations and other revenue-generating functions lasting many months, the DOJ said in its statement.
(Reporting by AJ Vicens in Detroit;Editing by Matthew Lewis)
Interested in Cyber?
Get automatic alerts for this topic.
Leave a Reply