Following a significant cyber assault that came after the assassination of Iranian Major General Qasem Soleimani, the U.S. Department of Justice has indicted two hackers for defacing multiple websites within the United States. The defendants, Behzad Mohammadzadeh, also known as Mrb3hz4d, aged 19, and Marwan Abusrour, known as Mrwn007, aged 25, face charges of conspiracy to intentionally damage protected computers, stemming from their coordinated defacement of over 1,400 websites with pro-Iranian and pro-Palestinian messages.

This incident not only targeted digital infrastructure but also aimed to express ideological retaliation against perceived U.S. military actions. Assistant Attorney General for National Security, John C. Demers, stated, “The hackers victimized innocent third parties in a campaign to retaliate for the military action that killed Soleimani, a key figure behind numerous terrorist acts against Americans and those opposed by the Iranian regime.”

According to the indictment, both individuals, hailing from Iran and Palestine respectively, have been involved in individual hacking campaigns for years but intensified their collaboration in December 2022. Their activities reached a peak on January 3, 2023, a day after Soleimani’s death in a U.S. drone strike near Baghdad International Airport. The duo employed initial access tactics by exploiting compromised websites to facilitate their operations, with Mohammadzadeh hacking into 51 American sites and replacing content with images of Soleimani, combined with messages defaming the U.S.

In addition, the defaced websites directed visitors to Mohammadzadeh’s social media channels, including his Telegram and Instagram accounts, which further promoted their actions and linked to Zone-H, a well-known archive for web intrusion incidents. The hackers effectively utilized public-facing platforms to broadcast their activities, applying further pressure on their victims and drawing attention to their motives.

Evidence presented in the indictment includes screenshots of communications between the two hackers, revealing lists of targeted websites and corroborating their collective intent to publicize their defacements on various online channels. Such tactics align with techniques outlined in the MITRE ATT&CK framework, including credential access for gaining unauthorized entry and lateral movement to expand control over networks.

If convicted, both hackers face potential sentences of up to ten years in prison along with fines reaching $250,000, underscoring the serious legal ramifications tied to cybersecurity breaches of this nature. U.S. Attorney Andrew E. Lelling emphasized that foreign hackers represent a persistent threat to national security and reiterated the commitment to dismantle such activities through international law enforcement collaboration.

As businesses increasingly rely on digital infrastructures, incidents of this magnitude serve as a reminder of the vulnerabilities that exist. The implications of retaliatory cyberattacks extend far beyond individual targets, highlighting the need for comprehensive cybersecurity strategies and awareness to safeguard against evolving threats in the cyber landscape.
