Iranian Sisters Accused of Stealing US Tech Secrets for Tehran Regime
Iranian Sisters Accused of Stealing US Tech Secrets for Tehran

Iranian Sisters Accused of Stealing US Tech Secrets for Tehran Regime

A federal grand jury has indicted two Iranian sisters and their brother-in-law on serious charges of acting as spies for Tehran, allegedly stealing highly sensitive trade secrets from American technology giants including Google. The defendants, identified as Samaneh Ghandali, 41, her sister Soroor Ghandali, 32, and Mohammadjavad Khosravi, 40, all residents of San Jose, California, were arrested in mid-February and appeared in federal court the same day.

Brazen Insider Operation with National Security Implications

According to prosecutors, the alleged scheme unfolded quietly within some of the world's most powerful technology companies, where the defendants held trusted positions granting them access to cutting-edge systems. Instead of safeguarding that proprietary information, investigators claim they systematically exploited it for Iran's benefit. FBI Special Agent in Charge Sanjay Virmani described the case as a "calculated betrayal of trust" involving the theft of trade secrets from the very employers who had placed confidence in them.

The method of transferring confidential data allegedly involved deliberate steps to evade detection and conceal identities, according to court documents. The trio faces multiple charges including conspiracy to commit trade secret theft, actual theft and attempted theft of trade secrets, and obstruction of justice. All three defendants have entered pleas of not guilty to the allegations.

Wide Pickt banner — collaborative shopping lists app for Telegram, phone mockup with grocery list

Sophisticated Techniques to Bypass Security Systems

At the heart of the case lies a trove of highly valuable intellectual property encompassing sensitive data related to processor security, cryptography, and advanced mobile chip technology. Prosecutors assert that hundreds of confidential files were illicitly taken, representing the kind of cutting-edge innovation that underpins everything from modern smartphones to national security infrastructure.

Samaneh and Soroor Ghandali both previously worked at Google before transitioning to another firm identified only as "Company 3" in court documents. Khosravi worked separately at a company referred to as "Company 2," which develops system-on-chip platforms similar to the Snapdragon processors used in contemporary smartphones.

Authorities allege the defendants employed a range of covert methods to siphon off valuable data:

  • Transferring files to private communication channels
  • Moving proprietary information onto personal devices
  • Relocating data to unauthorized storage locations, including destinations overseas and in Iran

To conceal their activities, prosecutors claim the defendants went to extraordinary lengths including submitting false statements denying wrongdoing, deleting digital evidence, and even manually photographing computer screens to bypass company security systems designed to detect unauthorized downloads.

Family Background and Geopolitical Context

The indictment identifies all three defendants as Iranian nationals with Soroor Ghandali present in the United States on a student visa. Samaneh Ghandali later obtained US citizenship, while her husband Khosravi held legal permanent residency status. Prosecutors note that Khosravi previously served in the Iranian army, according to reports from CNBC.

The family's background has drawn additional scrutiny as the Ghandali sisters are reportedly daughters of Shahabeddin Ghandali, a former Iranian official arrested in 2016 over an alleged $2.5 billion embezzlement scandal connected to a state-linked investment fund and major bank.

This case unfolds against a backdrop of escalating tensions between Washington and Tehran. The arrests occurred just weeks before the United States and Israel launched a significant military offensive against Iran on February 28, a campaign that has since expanded into wider regional conflict and triggered global energy market disruptions.

Pickt after-article banner — collaborative shopping lists app with family illustration

Broader Pattern of Covert Technology Acquisition

Security experts warn that the alleged theft reflects a troubling pattern of foreign adversaries increasingly turning to insiders—employees with legitimate access—to penetrate America's most sensitive industries. Unlike traditional cyberattacks, insider threats prove notoriously difficult to detect, often unfolding over months or years before discovery.

Lara Burns, a former FBI special agent and terrorism expert at George Washington University, noted that Iran has long relied on covert networks to bypass sanctions and gain access to restricted technology. "They're constantly using their network to try to avoid sanctions," Burns told the Daily Mail. "They want US products. They want US technology. They want information. I think that these recent cases that we've seen are to be expected from this network."

The stakes in this case could hardly be higher, with the targeted technology—advanced chips, cryptography, and secure processing systems—sitting at the core of modern computing and defense infrastructure. The alleged scheme also coincides with escalating cyber warfare alongside the Middle East conflict, as Iran-linked hacking groups have intensified attacks on US companies and critical infrastructure targeting healthcare systems and industrial networks.

If convicted on all charges, the defendants could face severe penalties including up to 10 years imprisonment for each trade secret count and as much as 20 years for obstruction of justice. Google declined to comment on the ongoing case when approached for response.