Iranian wanted in US over IRGC-linked hacking case arrested in Montenegro


The 39-year-old man, who holds Iranian and Turkish citizenship, was identified by Montenegrin media as Amir Barati and was arrested in the Adriatic resort town of Kotor, Montenegro’s police directorate said Thursday.

He is wanted by the US District Court for the Southern District of New York on charges including conspiracy to commit computer fraud, hacking and identity theft. The case will now go before a High Court judge in Podgorica for extradition proceedings.

Montenegrin police said the suspect had carried out large-scale cyberattacks from 2013 onward, targeting more than 150 universities in the United States and causing damage estimated at more than $3.4 billion.

Police said the stolen data and access to compromised university accounts were used for the benefit of the Islamic Revolutionary Guard Corps and other Iranian entities, including universities.

Barati’s name does not appear on the FBI’s public list of nine Iranian hackers charged in 2018 over the Mabna Institute campaign, but the allegations described by Montenegrin police closely match that case, including the 2013 start date, the university targets, the IRGC connection and the $3.4 billion damage estimate.

The overlap leaves open the possibility that Barati was tied to the same broader operation or to a related US case, though neither US nor Montenegrin authorities have publicly linked him to the 2018 indictment.


The FBI said in 2018 that the Mabna Institute, an Iran-based company created in 2013, was used to steal access to non-Iranian academic and scientific resources through computer intrusions. US authorities said members of the institute were contracted by the IRGC and other Iranian government clients.

According to the FBI, the campaign compromised about 144 US-based universities and 176 foreign universities in 21 countries. It also targeted private companies, US government entities, the states of Hawaii and Indiana, and the United Nations.

US authorities said the hackers targeted more than 100,000 professor accounts worldwide and successfully compromised about 8,000 of them. They stole more than 30 terabytes of academic data and intellectual property, including journal access, research papers, electronic books and other proprietary academic material.

The campaign relied heavily on spearphishing emails that appeared to come from other academics. Victims were directed to fake university login pages, where their credentials were captured and later used to access library databases and research platforms.

The FBI said the stolen material covered a wide range of fields, including science, technology, engineering, medicine, social sciences and other academic disciplines.

US investigators also said the hackers used password-spraying attacks against companies and government targets, gaining access to email accounts and sensitive data. Victims included academic publishers, media and entertainment companies, technology firms and investment firms.

When the 2018 charges were announced, then-FBI Deputy Director David Bowdich said apprehending the suspects would be difficult but “not impossible,” adding that the defendants could be arrested if they traveled outside Iran.

“Where we can’t apprehend these individuals quickly, we will resort to different methods – naming and shaming, sanctions, and a lot of publicity,” Bowdich said at the time. “We will keep at it, because the FBI and our partners at the Department of Justice have a very long memory.”

The arrest in Montenegro suggests that warning may now be playing out years later, as one suspect allegedly linked to the campaign faces possible extradition to the United States.

The case comes amid renewed US warnings about Iranian cyber operations. In April, US cybersecurity, law enforcement and intelligence agencies warned of escalating Iranian hacking campaigns targeting equipment across critical infrastructure.


