US charges Venezuelan doctor with selling ransomware used by Iran group

Moises Zagala, 55, allegedly licensed his software to cybercriminals who deployed it to extort victims for money.

 Hacker (illustrative) (photo credit: PXFUEL)

A Venezuelan cardiologist who taught himself computer programming sold software that was used by an Iranian hacking group to attack Israeli companies, US prosecutors said on Monday in bringing criminal charges against him.

Moises Zagala, 55, licensed his software to cybercriminals who deployed it to extort victims for money, according to a complaint filed in federal court in Brooklyn, New York.

Zagala advertised his Jigsaw v. 2 tool on an online forum for $500, and offered to sell the underlying source code for $3,000, the complaint said.

Breon Peace, the US Attorney for the Eastern District of New York, said in a statement that Zagala bragged about successful attacks using his programs, "including by malicious actors associated with the government of Iran."

Zagala faces two counts of attempted computer intrusions and conspiracy to commit computer intrusions. He lives in Ciudad Bolivar, Venezuela, and has not been arrested by US authorities. A message Reuters sent to an Instagram account for Zagala's clinic in Ciudad Bolivar was not immediately returned.

VISUAL DEPICTION OF A HACKER (credit: VIA WIKIMEDIA COMMONS)

In late 2019, he started offering another product, Thanos, to hackers in exchange for some profits from their ransomware attacks, according to the complaint, which was written by FBI agent Chris Clark. Clark bought a license for the program and downloaded it to a computer in the United States.

Zagala in 2020 posted links on a message board to news articles in Russian about an Iranian hacking group, MuddyWater, that used Thanos software to target Israeli organizations, Clark said.

US authorities in February described MuddyWater as a group of Iran-linked cyber operators and said it had targeted a range of government and private-sector organizations across Asia, Africa, Europe and North America. Iran's mission to the United Nations called the allegations "baseless."

Some of Zagala's clients were directed to make payments to a PayPal account registered to his brother in Florida, the court document said. It said the brother told the FBI Zagala had taught himself computer programming.