A French-Venezuelan cardiologist has been accused by the US of selling ransomware to cybercriminals, including malicious actors associated with the government of Iran.
The Brooklyn district attorney's office said Monday that Moises Luis Zagala, 55, not only created and sold ransomware products to hackers, but also trained them on how to extort victims, and then boasted about successful attacks by an Iranian state-sponsored hacking group.
In early 2019, Zagala began advertising his new tool on the web as a "Private Ransomware Builder", which he named "Thanos" after the Marvel Comics villain responsible for destroying half of all life in the universe, as well as Thanatos, the personification of death in Greek mythology.
Zagala publicly bragged about a news story describing an Iranian state-sponsored hacking group’s use of Thanos to commit ransomware attacks on Israeli companies.
The Islamic Republic is very active in various malign cyber activities and is also providing cyber technology to its proxies, including the Lebanese Hezbollah, to build their own cyber units.
The National Interest reported in mid-April that Iran has helped Hezbollah become “the most sophisticated and influential Middle Eastern terrorist organization in cyberspace after the collapse of the Islamic State caliphate”.
Earlier in April, Meta, formerly the Facebook company, removed two Iranian cyberespionage groups that were targeting academics, activists, journalists and other victims to collect intelligence, manipulate them into revealing information, and compromise their devices and accounts.
The groups, possibly sponsored by the Revolutionary Guard (IRGC), targeted the Iranian diaspora, dissidents and human rights activists from Israel and Iran, Iran-focused academics, politicians in the US, people in the Middle East including the Saudi military, and journalists around the world.