They targeted multiple bank websites as well as the controls for a dam in New York state.
Seven Iranian programmers were indicted Thursday on computer hacking charges for their involvement in Distributed Denial of Service (DDoS) attacks against the U.S. financial sector.
A U.S. district court jury for the Southern District of New York handed down the indictments, which accuse the seven individuals of targeting financial institutions and other victims on behalf of the Iranian government.
The attacks disabled the websites of several banks, according to a U.S.
Department of Justice press release, preventing customers from accessing their accounts online and costing the victims tens of millions of dollars as they repaired their affected IT networks.
The DDoS campaigns lasted for 176 days between late 2011 and mid-2013, the DOJ said.
In all, there were 46 victims, which also included the IT infrastructure that controls a dam in Rye, New York.
“In unsealing this indictment, the Department of Justice is sending a powerful message: that we will not allow any individual, group, or nation to sabotage American financial institutions or undermine the integrity of fair competition in the operation of the free market,” U.S.
Attorney General Loretta Lynch said in a statement.
The attackers worked in two separate groups for two different private sector Iranian companies, ITSec and Mersad, according to the DOJ.
During the DDoS campaigns, they hit victims’ computer servers with as much as 140GB of data per second.
Though the attackers did manage to get into some systems at the dam, they were unable to gain any kind of access to more critical controls.
The indictment was widely expected as part of the “name and shame” campaign the Obama administration has used to address big-name hacks over the past few years.
That includes the hack of Sony Pictures Entertainment, which the administration publicly called out North Korea for sponsoring in December 2014.