Suspect Accused of Iranian Cyber Attacks on US Infrastructure Arrested in Montenegro

An Iranian national suspected of taking part in cyberattacks that caused $3.4 billion in damage to infrastructure in the United States is in custody in Montenegro, awaiting extradition to New York.The Montenegrin police, supported by the FBI, said they arrested the 39-year-old man, who holds dual Iranian and Turkish citizenship, on June 25 based on charges of conspiracy to commit computer fraud, hacking, and identity theft, which stem from an indictment in the Southern District Court in New York.The man named in Montenegrin media as Amir Barati was arrested in the seaside resort of Kotor, a popular summer vacation destination for Europeans.The Montenegrin police said a High Court judge in the capital, Podgorica, would now consider the United States’ extradition request.‘Massive Hacking Attacks’“From 2013 onward … he carried out massive hacking attacks … targeting more than 150 universities in the United States, causing damage estimated at over $3.4 billion,” the police said in a statement.The statement said the data acquired and the access to compromised university accounts were used for the benefit of the Iranian Islamic Revolutionary Guard Corps (IRGC) and several Iranian universities and other entities.Montenegro was a republic of Yugoslavia and became independent of Serbia in 2006.On Feb. 7, 2018, a grand jury in the U.S. District Court for the Southern District of New York indicted nine Iranian nationals for their alleged involvement in computer intrusion, wire fraud, and aggravated identity theft offenses.“Each individual was a leader, contractor, associate, hacker for hire, or affiliate of the Mabna Institute, a private government contractor based in the Islamic Republic of Iran that performed this work for the Iranian government, at the behest of the Islamic Revolutionary Guard Corps,” an FBI statement at the time said.“The defendants stole at least approximately 31.5 terabytes of academic data and intellectual property, which they exfiltrated to servers outside the United States that were under the control of members of the conspiracy.”The IRGC has a long history of state-sponsored cyberattacks against the United States and Israel.Smoke rises from a location, allegedly IRGC’s Sarallah Headquarters, in the north of Tehran after being targeted by Israel on June 23, 2025. Elyas/Middle East Images via AFP via Getty ImagesOn April 7, several federal agencies warned that there had been an increase in Iranian cyberattacks aimed at U.S. infrastructure since the start of Operation Epic Fury on Feb. 28. The advisory warned that hackers had caused disruptions through “malicious interactions” on project files and data displays in organizations across multiple U.S. critical infrastructure sectors, including government services and facilities, local municipalities, water and waste systems, and energy infrastructure.The IRGC was founded in 1979 to defend Iran’s Islamic revolution and is known to fund militant groups in Iraq, the Palestinian territories, Syria, Lebanon, Yemen, and Afghanistan. In September 2024, another advisory warned that the IRGC was mounting cyberattacks against individuals with a “nexus to Iranian and Middle Eastern affairs.” That included current and former senior government officials, activists, lobbyists, journalists, and think tank personnel.That same month, three Iranians—Masoud Jalili, Seyyed Ali Aghamiri, and Yasar Balaghi—were charged, in absentia, with helping to hack a 2024 U.S. presidential campaign, according to court documents filed in Washington and obtained by The Epoch Times.All three of the men lived in Iran, and although then-U.S. Attorney General Merrick Garland told a briefing they would be pursued “endlessly,” they remain fugitives at this time.The Epoch Times reached out to the FBI and the Department of Justice for comment, but did not receive a response by publication time.Reuters contributed to this report.