A federal grand jury indicted three Iranian software engineers last month for allegedly stealing trade secrets from technology companies including Google, the Department of Justice announced. Two of the suspects are sisters, and their father is a former Iranian regime official who was arrested in a $2.5 billion embezzlement case back in Iran.
Samaneh Ghandali, 41, and her sister Sorvoor Ghandali, 32, along with Samaneh’s husband Mohammadjavad Khosravi, 40, allegedly used their employment at unnamed U.S. tech companies to “obtain access to confidential and sensitive information,” according to the DOJ. The trio then “exfiltrated confidential and sensitive documents, including trade secrets related to processor security and cryptography and other technologies, from Google and other technology companies.” The stolen data was transferred to other locations, including Iran. All three have pleaded not guilty.
Their father, Shahabeddin Ghandali, was a former chief executive of Iran’s Teachers Investment Fund Corporation. He was arrested in Iran in 2016 on charges of embezzlement involving $2.5 billion and fraud tied to Bank Sarmayeh. It is unclear whether he was ever fully prosecuted.
Iranian human rights activist Lawdan Bazargan, who heads the Alliance Against Islamic Regime of Iran Apologists, said the family connections are precisely the kind of vulnerability that allows regime-linked individuals to burrow into American institutions.
“The issue is risk, access, and vulnerability,” Bazargan told the New York Post. “When individuals connected to powerful networks in an authoritarian system enter universities and research centers, they gain access not only to advanced technology but also to professional networks and institutional trust. In certain cases, access can be abused.”
The case is not an isolated incident. Kaveh Lotfolah Afrasiabi, a political science professor with appointments at Harvard and other elite universities, was charged in 2021 with failing to register as a foreign agent for Iran under the Foreign Agents Registration Act. Prosecutors alleged he secretly worked for the Iranian government and the Islamic Republic’s UN mission for more than a decade, collecting over $250,000 in checks drawn on the UN mission’s official bank account and receiving health insurance through their employee benefit plans since 2011.
Afrasiabi was a frequent contributor to the New York Times during that time. No editor apparently noticed he was on Tehran’s payroll.
The indictment of the Ghandali sisters and Khosravi comes at a sensitive moment. The U.S. military has been conducting strikes against Iran-backed targets, and U.S. Central Command issued warnings this week to Iran’s military leadership. Iran-linked terror groups claimed responsibility for a separate attack against Jews in Europe over the same period. Meanwhile, allegations have surfaced that Iranian operatives have been using tech sector employment as a long-term access strategy, with Silicon Valley as a key target.
Processor security and cryptography are not consumer products. They are foundational components of military communications, financial systems, and critical infrastructure. Stealing that research is not corporate espionage. It is state-sponsored intelligence collection aimed at eroding American technological and military advantages.
The DOJ’s indictment does not name the other tech companies beyond Google. It also does not address how long the alleged scheme ran, who hired the suspects, or whether internal security measures at those companies flagged any anomalies. Those details may emerge at trial.
What is clear is that the pattern keeps repeating: Iranian nationals with regime-connected family backgrounds gain access to sensitive American institutions, accumulate trust through academic and professional credentials, then allegedly redirect privileged access toward Tehran. Three indictments since 2021 involving this specific playbook suggests it is not random. It is a method.
