An Iranian national wanted by US authorities on cybercrime charges was arrested in Montenegro in a joint operation involving Montenegrin authorities and the US Federal Bureau of Investigation, after investigators alleged he participated in a yearslong hacking campaign targeting American universities and infrastructure that caused an estimated $3.4 billion in losses.
The suspect, identified only as A.B., is a 39-year-old dual Iranian and Turkish citizen sought by the Southern District Court in New York on charges including conspiracy to commit computer fraud, hacking and identity theft.
Montenegro’s police directorate said he was detained Thursday in the Adriatic coastal resort of Kotor. Authorities said the case will now be referred to a High Court judge in Montenegro’s capital, Podgorica, to begin extradition proceedings.
In a statement, the police directorate alleged that, “From 2013 onward, … he carried out massive hacking attacks … targeting more than 150 universities in the United States, causing damage estimated at over $3.4 billion.”
Authorities said the cyber campaign focused on compromising university systems and stealing data from academic institutions across the United States. Investigators also alleged that access to hacked university accounts, along with the information obtained through the intrusions, was exploited for the benefit of the Islamic Revolutionary Guard Corps and other Iranian entities, including universities.
The arrest followed cooperation between Montenegrin authorities and the US Federal Bureau of Investigation as part of the effort to locate and detain the suspect sought by US prosecutors.
The extradition request will now be reviewed by the Montenegrin judiciary, which will determine whether A.B. will be transferred to the United States to face the charges filed in New York.
US authorities have repeatedly warned about cyber operations linked to Iran that target American infrastructure and institutions. Intelligence and law enforcement agencies have also reported an increase in Iranian hacking campaigns during April, citing continued efforts by state-linked actors to infiltrate networks and obtain sensitive information.
