Montenegrin police, working with the U.S. Federal Bureau of Investigation, arrested Amir Barati in the Adriatic resort town of Kotor on Thursday on a U.S. warrant that accuses the 39-year-old dual Iranian-Turkish national of orchestrating $3.4 billion in damage through mass cyberattacks on American universities since 2013. The case now heads to a High Court judge in Podgorica for extradition proceedings, putting Barati on track to face charges in New York that link the stolen data to Iran’s Islamic Revolutionary Guard Corps.
Barati is wanted by the U.S. District Court for the Southern District of New York on charges including conspiracy to commit computer fraud, hacking, and identity theft. Montenegro’s police directorate said the arrest followed a U.S. and FBI request. The FBI was not immediately available for comment on the arrest.
The Arrest in Kotor
Montenegrin police located Barati in Kotor, a coastal town on the Bay of Kotor, and took him into custody on Thursday. He is 39 years old and holds both Iranian and Turkish citizenship, according to police statements reported by multiple outlets, including the Montenegrin police statement on the arrest.
Barati is sought by a federal court in New York on multiple charges, including conspiracy to commit computer fraud, hacking, and identity theft, police said. Montenegro is a NATO member and a U.S. ally, and the small Adriatic country of roughly 620,000 people has been described as next in line to join the European Union. The FBI was not immediately available for comment when contacted about the arrest.
Since 2013 as an associate of a legal entity from Iran, he committed massive hacking attacks on U.S. infrastructure, including 150 universities, causing damage estimated to over $3.4 billion US dollars.
The statement, issued by Montenegro’s police directorate, was reported by the French news agency AFP and carried by CBS News and others. The next paragraph names the speaker: Montenegro’s police directorate, in a statement reported by AFP.
What Police Say Barati Did
According to Montenegro’s police directorate, Barati operated from 2013 onward as an associate of an Iran-based legal entity and ran mass hacking campaigns against U.S. infrastructure, hitting more than 150 universities. The stolen data, along with access to compromised university accounts, was directed to the benefit of Iran’s Islamic Revolutionary Guard Corps and other Iranian users, including universities based in Iran.
The methods police describe are consistent with the spearphishing and credential-harvesting pattern long associated with Iranian state-linked intrusions. Iran International reported that the allegations closely match the public record of the 2018 Mabna Institute case, including the same 2013 start date, the same university targets, the same IRGC tie, and the same $3.4 billion damage estimate. See the Reuters report detailing Barati’s charges and the IRGC link for the full charging language, and see fourteen Iranian officials denied US entry over IRGC ties for parallel U.S. pressure on IRGC-linked figures.
The charges filed in New York are extradition-grade: conspiracy to commit computer fraud, hacking, and identity theft. Barati’s name does not appear on the FBI’s public 2018 list of nine Iranians charged in the Mabna Institute case, leaving open whether he is named in a separate, sealed indictment or tied to the broader operation as a contractor or affiliate.
| Feature | 2018 Mabna Institute indictment | 2026 Montenegro arrest |
|---|---|---|
| Campaign start year | 2013 | 2013 |
| U.S. universities targeted | 144 | More than 150 |
| Damage estimate | Over $3.4 billion | Over $3.4 billion |
| Number of named defendants | 9 | 1 (Barati) |
| IRGC connection alleged | Yes | Yes |
| Status | Indictment unsealed; defendants believed at large | Arrest; extradition pending |
Why the Numbers Echo the 2018 Case
The arithmetic of the 2026 Montenegro arrest maps almost exactly onto the figures unsealed by the Department of Justice in March 2018, when prosecutors in the Southern District of New York charged nine Iranian nationals tied to the Mabna Institute, an Iran-based company founded in 2013 to help Iranian universities and research organizations steal access to non-Iranian scientific resources. In the 2018 case, the FBI said the campaign compromised about 144 U.S.-based universities and 176 universities across 21 foreign countries, stole more than 30 terabytes of academic data, and forced U.S. universities to spend over approximately $3.4 billion to procure and access the data that had been taken. Read the 2018 Mabna Institute indictment and the FBI’s case details.
Barati’s name is not on that 2018 defendant list. That gap is the open question in the new case. He could be an unsealed defendant from a related, still-pending case, or a contractor and affiliate in the broader operation who was charged under seal while the FBI built toward an arrest outside Iran.
Either way, the pattern fits what then-FBI Deputy Director David Bowdich said at the 2018 announcement: that apprehending the suspects would be difficult but not impossible, that the FBI had “a very long memory,” and that naming, shaming, and sanctions would be used while investigators waited for travel opportunities. See Iran International reporting on how the new case mirrors the 2018 one. An arrest in Kotor, more than eight years after the original unsealing, is exactly the kind of result that long memory produces.
The Long Road From Podgorica
Barati now faces an extradition hearing before a High Court judge in Podgorica, Montenegro’s capital. The case will move through Montenegro’s domestic courts before any transfer to the Southern District of New York can occur, and Barati is expected to appear in Podgorica in connection with the proceedings.
Montenegro is a NATO member, a U.S. ally, and a small Adriatic country of roughly 620,000 people that is widely seen as next in line for European Union accession. The country has a track record on U.S. extradition requests: it has previously handed over fugitives convicted in multi-million-dollar fraud cases, and it is currently handling a separate, extended extradition dispute over crypto entrepreneur Do Kwon, whose transfer to the United States was halted by a Montenegrin appeals court before being retried. That history suggests the Barati case will not be automatic, but the political signal from a NATO ally under an FBI request points toward cooperation. The stolen data and compromised accounts were routed for the benefit of the Islamic Revolutionary Guard Corps and Iranian universities, according to Montenegro’s police statement.
Inside the $3.4 Billion Figure
The $3.4 billion figure is not a tally of wire-transfer losses. It is the estimated cost that U.S. universities spent to procure and access the academic data and intellectual property that the hackers stole, plus the cost of re-securing systems and recovering access after credentials were compromised.
The 2018 DOJ announcement put the scale of the stolen material at over 31.5 terabytes of academic data, which FBI Assistant Director William F. Sweeney Jr. described at the time as roughly equivalent to 8 billion double-sided pages of text. The exfiltrated material spanned academic journals, theses, dissertations, electronic books, and professor email inboxes across science, technology, engineering, medical, social sciences, and other professional fields.
The $3.4 billion estimate in the 2026 Montenegro statement covers remediation and access-replacement costs across “more than 150” U.S. universities (per Montenegro’s police) or 144 U.S.-based universities (per the 2018 DOJ case). The bar is 31.5 terabytes of academic data, the cost is reconstruction of access, and the spread of the campaign is what produces the nine-figure damage tag.
- Academic journals, theses, dissertations, and electronic books exfiltrated from compromised university systems.
- Login credentials for roughly 8,000 professor email accounts across U.S. universities (per the 2018 case).
- Entire email mailboxes stolen from compromised private-sector employees in the United States and abroad.
- Password-spraying attacks against U.S. and foreign companies, government agencies, and the United Nations.
- Stolen material resold through Iran-based sites (Megapaper.ir and Gigapaper.ir in the 2018 case) for use by Iranian customers, including Iran-based public universities.
Iran’s Broader Cyber Posture
The Montenegro arrest lands inside an active U.S. warning cycle. In April 2026, U.S. cybersecurity, law enforcement, and intelligence agencies warned of an escalation of Iranian hacking campaigns targeting equipment across critical U.S. infrastructure. The Barati case is the operational counterpart to that warning, a single suspect pulled out of a pipeline the U.S. government says is still running.
Iran and the IRGC have a long history of state-sponsored cyber operations targeting the United States, often linked to the IRGC. Montenegro itself has been on the receiving end: officials there previously described a wave of cyberattacks as “unprecedented” and linked them to Russia through its National Security Agency. The Kotor arrest is a Montenegro-side action with an FBI-side target, and it illustrates how a small NATO member is being used as a transit jurisdiction for U.S. cybercrime enforcement.
The arrest does not close the pipeline. It pulls one figure out of it. If Barati is extradited and prosecuted in New York, it would mark the first publicly confirmed U.S. courtroom resolution tied to the 2013-era university campaign. The remaining defendants from the 2018 case, and any sealed co-conspirators, remain at large. See Iran’s accusation that Israel hijacked its state television for parallel Iranian-side accusations of foreign cyber operations.
Frequently Asked Questions
Who is Amir Barati?
Amir Barati is a 39-year-old man identified by Montenegrin media as the dual Iranian-Turkish national arrested by Montenegro’s police directorate in Kotor on Thursday, June 25, 2026, at the request of the United States and the FBI.
Is Barati connected to the 2018 Mabna Institute case?
Barati’s name does not appear on the FBI’s public 2018 list of nine defendants charged in the Mabna Institute campaign, but the allegations closely match that case, including the 2013 start date, the university targets, the IRGC tie, and the $3.4 billion damage estimate, according to Iran International reporting.
What does the $3.4 billion measure?
The $3.4 billion is the estimated cost U.S. universities spent to procure and access the academic data and intellectual property that was stolen and to remediate the intrusions, not a tally of wire-transfer losses.
How does Montenegro’s extradition process work?
After an arrest at the request of a foreign government, the case goes to a High Court judge in Podgorica for an extradition hearing. Montenegro has previously extradited U.S. fugitives and is currently handling a separate extradition dispute over crypto figure Do Kwon.
What happens next in the Barati case?
Barati will appear in a Podgorica court for the extradition hearing. If Montenegro approves the U.S. request, he will be transferred to the Southern District of New York to face the charges, which include conspiracy to commit computer fraud, hacking, and identity theft.
