Montenegro arrests Iranian suspect in FBI-backed university cyberattack probe

Montenegrin police arrested a 39-year-old Iranian national in Kotor, on the Adriatic coast, in an FBI-backed probe into cyberattacks that hit more than 150 American universities and caused more than $3.4 billion in damage. The suspect, who holds dual Iranian and Turkish citizenship, is wanted by the U.S. Attorney’s Office for the Southern District of New York on charges including conspiracy to commit computer fraud, hacking and identity theft.

The arrest pushes the case into Montenegro’s extradition system, where a High Court judge in Podgorica is expected to handle the proceedings. Montenegro’s law requires judicial review before any surrender, and the decision can be contested through further legal challenges.

The alleged campaign began in 2013 and was used to benefit the Islamic Revolutionary Guard Corps and other Iranian entities, including universities. Stolen data and access to compromised university accounts were used in a long-running effort that reached deep into American academic networks, where researchers, credentials and intellectual property can be as valuable as money.

The allegations mirror a major 2018 Justice Department case against the Mabna Institute, in which prosecutors said nine Iranians hacked 320 universities in 22 countries, including 144 in the United States, and stole more than 31 terabytes of academic data. In that case, prosecutors estimated the universities spent about $3.4 billion to procure and access the research.

The FBI’s involvement in Montenegro reflects a familiar pattern in cross-border cybercrime investigations, where arrests depend on cooperation with local police and extradition law. The Cybersecurity and Infrastructure Security Agency warns that Iranian government-affiliated actors routinely target poorly secured U.S. networks and internet-connected devices, and U.S. agencies warn of recent Iranian state-sponsored activity against operational technology devices.