US charges Venezuelan man with creating ransomware used by IRGC contractor to target Israel

Jacob Magid is The Times of Israel's US correspondent based in New York

Moises Luis Zagala Gonzalez (FBI)

The US Department of Justice is accusing a Venezuelan cardiologist of having developed the Thanos ransomware used by state-sponsored Iranian hackers to target Israeli companies in 2020.

The US Attorney’s Office for the Eastern District of New York announces that it has unsealed a Brooklyn federal court indictment against Moises Luis Zagala Gonzalez on charges of attempted computer intrusions and conspiracy to commit computer intrusions.

“The multi-tasking doctor treated patients, created and named his cyber tool after death, profited from a global ransomware ecosystem in which he sold the tools for conducting ransomware attacks, trained the attackers about how to extort victims and then boasted about successful attacks, including by malicious actors associated with the government of Iran,” US Attorney Breon Peace says in a statement.

Zagala used a number of online aliases, including “Nosophoros,” “Aesculapius” and “Nebuchadnezzar” — the Babylonian king who conquered Jerusalem in 597 BCE.

The Justice Department says Zagala publicly discussed his awareness that his clients used his Thanos ransomware, even linking to a news story about the Islamic Revolutionary Guard Corps contractor “MuddyWater’s” cyberattack on Israeli companies ClearSky and Profero.

The two firms said at the time that they identified and thwarted the attacks before any harm could be inflicted, but were raising an alarm about the methods used, indicating that they could have been employed in earlier hacking attacks that might have gone unnoticed.

Zagala’s current whereabouts are unknown, but the FBI has requested that a warrant be issued for his arrest. If convicted, he faces up to 10 years in prison.
