The person at the center of this case
United States financial sector and companies (victims of DDoS attacks)
Cold Case · Open
10 years waiting · since 2016
OMID GHAFFARINIA
Justice for United States financial sector and companies (victims of DDoS attacks) — the trail went cold in 2016, but the truth hasn't.
Start here
Key leads to think about
🎯
suspect
Lead #1What is Ghaffarinia's current location and activities in Iran?
🔍
evidence
Lead #2What specific financial institutions and companies were targeted in the DDoS attacks?
👤
person
Lead #3Who were the other members and co-conspirators in the Ashiyane Digital Security Team and Sun Army hacking groups?
Omid Ghaffarinia, an Iranian computer security expert and co-founder of Mersad, is wanted for his alleged role in coordinating distributed denial of service (DDoS) attacks against U.S. financial institutions and companies between 2012 and 2013. He allegedly created malware for the Mersad botnet and authored attack scripts used in these cyberattacks, claiming to have compromised thousands of servers in the United States, United Kingdom, and Israel. A federal warrant was issued on January 21, 2016, by the U.S. District Court for the Southern District of New York, and he is believed to be living in Iran.
Case
#625
Iran
United States District Court, Southern District of New York; Federal Bureau of Investigation
Try asking
Claim this imported case
A one-time $10 claim transfers this imported case workspace to your account. You get 10 uploads for this case, 25 daily AI questions for this case, and public tips with files route to you.
10 uploads25 AI questions/day
This does not start a subscription. When the included limits are reached, the Personal plan unlocks more workspace capacity.
More leads to consider
Beyond the top three above — each detail below could be the thread that pulls this case open.
💡
clue
Lead #4What technical signatures or forensic evidence link Ghaffarinia to the Mersad and Kamikaze botnets?
Have information about any of these leads?
Even the smallest detail could be the key to solving this case.
Official wording
Source Narrative
Conspiracy to Commit, and Aid and Abet, Computer Intrusion Caution: Omid Ghaffarinia is wanted for his alleged involvement in a conspiracy to conduct a coordinated campaign of distributed denial of service ("DDoS") attacks against the United States financial sector and other United States companies from 2012 through 2013. Ghaffarinia was the co-founder of Mersad, a private computer security company that performed work on behalf of the Iranian Government, and a former member of the Iran-based computer hacking groups Ashiyane Digital Security Team and Sun Army.
He allegedly created malware to remotely compromise computer systems that formed part of the Mersad botnet that was used to conduct the DDoS attacks and also allegedly authored the attack script used by the Kamikaze botnet. Ghaffarinia has claimed to have successfully compromised thousands of computer servers based in the United States, the United Kingdom, and Israel.
On January 21, 2016, a grand jury in the United States District Court, Southern District of New York, indicted Ghaffarinia for his alleged involvement in the scheme and a federal warrant was issued for his arrest after he was charged with conspiracy to commit, and aid and abet, computer intrusion. Remarks: Ghaffarinia is known to speak Farsi and is thought to be living in Iran.
Timeline of Events
📋
2012-01-01
DDoS Campaign Period Begins
Coordinated campaign of distributed denial of service attacks against U.S. financial sector and other companies begins
📋
2013-12-31
DDoS Campaign Period Ends
Coordinated campaign of distributed denial of service attacks against U.S. financial sector and other companies concludes
🕵️
2016-01-21
Federal Indictment
Grand jury in U.S. District Court, Southern District of New York, indicts Ghaffarinia for conspiracy to commit and aid and abet computer intrusion; federal warrant issued for arrest
Case Information
Incident:January 1, 2012
Last Updated:April 29, 2026
Leave a comment
Comments
Case Information
Incident:January 1, 2012
Last Updated:April 29, 2026