OFAC Iran Cyber US Colleges

On Mar. 23, Treasury OFAC designated Iran cyber actors of colleges.

  • Sanctioned Iranian cyber actors for activities targeting hundreds of universities.

Mabna Institute

  • Engaged in theft of personal identifiers and resources for private financial gain.
  • Contracted with Iran government and private entities, to do hacking activities.
  • Conducted coordinated intrusions, into systems belonging to 144 US colleges.
  • Also related activity in countries, including Australia, Canada, China, Denmark,
    Finland, Germany, Ireland, Israel, Italy, UK, Japan, Malaysia, the Netherlands,
    Norway, Poland,Singapore, S Korea, Spain, Sweden, Switzerland, and Turkey.
  • Stolen data used to benefit Revolutionary Guard and sold through 2 websites.
  • University professors credentials used to access online university library systems.


  • Gholamreza Rafatnejad founding Mabna member, organized hacking campaign.
  • Ehsan Mohammadi also founding member helped organize the hacking campaign.
  • Seyed Ali Mirkarimi hacker tested, spear-phishing, organized stolen credentials.
  • Mostafa Sadeghi hacker and affiliate compromised over 1,000 professor accounts.
  • Sajjad Tahmasebi facilitated the spearphishing and conducted online surveillance.
  • Abdollah Karima businessman whose company sold, access to stolen materials.
  • Abuzar Moqadam professor exchanged stolen credentials, compromised accounts.
  • Roozbeh Sabahi contractor assisted in execution of certain Mabna hack activities.
  • Mohammed Sabahi contractor conducted email spearphishing certain universities.

OFAC added

  • Behzad Mesri repeatedly compromised US media and entertainment company, for
    access to documents, employee contact information and attempt to extort $6mn.