Former Google Engineers Indicted Over Trade Secret Transfers to Iran - The Hacker News
Ravie Lakshmanan · Feb 20, 2026 · Insider Threat / Corporate Espionage
Two former Google engineers and the husband of one of them have been indicted in the U.S. for allegedly stealing trade secrets from the search giant and other tech firms and transferring the information to unauthorized locations, including Iran.
Samaneh Ghandali, 41, and her husband Mohammadjavad Khosravi (aka Mohammad Khosravi), 40, along with her sister Soroor Ghandali, 32, have been accused of conspiring to commit trade secret theft from Google and other leading technology companies, theft and attempted theft of trade secrets, and obstruction of justice.
The three defendants, all Iranian nationals residing in San Jose, were arrested on Thursday and made their initial appearances in federal district court in the California city.
According to the U.S. Department of Justice (DoJ), the Ghandali sisters worked at Google before joining another technology company identified as Company 3. Khosravi is said to have been employed at a different company (named Company 2). All three of them landed jobs in the area of mobile computer processors.
While the names of Company 2 and Company 3 were not disclosed, The Hacker News found that Soroor Ghandali worked as a hardware engineer intern at Google before joining Intel. Khosravi, on the other hand, was employed at Qualcomm as an ASIC design engineer.
"As part of the alleged scheme to commit trade secret theft, the defendants used their employment to obtain access to confidential and sensitive information," the DoJ said in a press release.
"The defendants then exfiltrated confidential and sensitive documents, including trade secrets related to processor security and cryptography and other technologies, from Google and other technology companies to unauthorized third-party and personal locations, including to work devices associated with each other's employers, and to Iran."
In a statement shared with Bloomberg, a Google spokesperson said the company has enhanced safeguards to protect its confidential information and immediately alerted law enforcement after discovering the incident. The trade secrets pertained to the company's Tensor processor for Pixel phones.
Samaneh Ghandali, per the department, transferred hundreds of files, including Google trade secrets, to a third-party communications platform, specifically to channels that bore each of the defendants' first names. Soroor Ghandali is also alleged to have exfiltrated numerous Google-related files, which contained trade secrets, to the same channels while working for the company.
The trade secret files were subsequently copied to different personal devices, as well as a work device belonging to Khosravi and a work device issued to Soroor Ghandali by Company 3. The defendants then concealed their actions by submitting false, signed affidavits; destroyed the exfiltrated files from electronic devices; and manually took photographs of screens containing the documents’ contents instead of transferring the documents using the messaging app.
"After Google's internal security systems detected Samaneh Ghandali's activity and Google revoked her access to company resources in August 2023, Samaneh Ghandali allegedly executed a signed affidavit claiming she had not shared Google's confidential information with anyone outside the company," the DoJ added.
Furthermore, Samaneh Ghandali and Khosravi performed searches online and visited websites about deleting communications and other data. This included queries related to the duration for which a cellular service provider kept "messages to print out for court."
In the meantime, the couple is alleged to have continued accessing Google trade secrets stored on their personal devices for purposes of manually photographing hundreds of computer screens of both Google's and Company 2's sensitive information for an unspecified duration that stretched for months.
Samaneh Ghandali also allegedly used her mobile phone to take about 24 photographs of Khosravi's work computer screen containing Company 2 trade secret information on the night before the pair traveled to Iran in December 2023. These photographs were then accessed from a personal device associated with Samaneh Ghandali in Iran.
If convicted, each defendant faces a maximum sentence of 10 years in prison and a $250,000 fine for each count of trade secret theft charges and a maximum sentence of 20 years in prison and a $250,000 fine for the count of obstruction of justice.
The development comes less than a month after another ex-Google engineer, Linwei Ding, was convicted in the U.S. for stealing thousands of the company's confidential documents to build a startup in China.