The U.S. government charged four Iranian nationals for their alleged involvement in multi-year hacking operations targeting several prominent entities including the U.S. Treasury and State departments, defense contractors, and two New York-based companies. These activities are purportedly conducted on behalf of the Iranian Islamic Revolutionary Guard Corps (IRGC).
The indicted individuals Hossein Harooni, Reza Kazemifar, Komeil Baradaran Salmani, and Alireza Shafie Nasab are charged with conspiracy to commit computer fraud, conspiracy to commit wire fraud, and wire fraud. They face significant penalties, including up to five years in prison for the computer fraud conspiracy charge and up to 20 years for each count of wire fraud and conspiracy to commit wire fraud, according to the U.S. Department of Justice.
“Criminal activity originating from Iran poses a grave threat to America’s national security and economic stability,” said Attorney General Merrick Garland. “These defendants are alleged to have engaged in a coordinated, multi-year hacking campaign from Iran targeting more than a dozen American companies and the U.S. Treasury and State Departments.”
US Treasury Imposed Sanctions While State Offers $10 million Reward
Owing to this, the U.S. Department of Treasury also imposed sweeping sanctions on the accused, while the State Department offered a reward of up to $10 million and potential relocation for any information leading to the apprehension of three of the suspects or the associated companies.
The Treasury Department said that all four individuals have ties to IRGC front companies, namely Mehrsam Andisheh Saz Nik (MASN) and Dadeh Afzar Arman (DAA), which were allegedly used in orchestrating various aspects of the attacks.
“Today’s charges pull back the curtain on an Iran-based company that purported to provide ‘cybersecurity services’ while in actuality scheming to compromise U.S. private and public sector computer systems, including through spearphishing and social engineering attacks,” said Assistant Attorney General Matthew Olsen of the Department of Justice’s National Security Division.
Of the four, Harooni was allegedly responsible for procuring, administering, and managing the online network infrastructure, including computer servers and customized software used to facilitate the computer intrusions. He faces additional charges of knowingly damaging a protected computer, which could result in a further 10-year prison term.
Harooni, Salmani, and Nasab are also accused of aggravated identity theft, carrying a mandatory consecutive two-year prison sentence, according to the Justice Department.
The Deeper Dive Into the Multi-year Hacking Operations
The group is alleged to have engaged in “a coordinated multi-year campaign to conduct and attempt to conduct computer intrusions” from 2016 through at least April 2021. The hackers employed spearphishing, targeting employees via deceptive emails, infecting over 200,000 accounts in one campaign and 2,000 in another. They used an undisclosed custom application to organize and execute these attacks efficiently, as per the Justice Department.
By compromising an administrator email of a Defense Contractor, they created unauthorized accounts to launch spearphishing campaigns against employees of other contractors and consulting firms. They also employed social engineering tactics including women impersonations, to gain victims’ trust and deploy malware, further compromising devices and accounts, the Justice Department said.
Their primary targets were cleared defense contractors, entities authorized to access, receive, and store classified information for the U.S. Department of Defense.
In addition to defense contractors, the group also reportedly targeted a New York-based accounting firm and a New York-based hospitality company. Overall, they are accused of targeting over a dozen U.S. companies, in addition to the Treasury and State departments, according to the State Department’s reward offer.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), has previously warned that the IRGC and its affiliated cyber actors have been targeting and compromising Israeli-made Unitronics Vision Series programmable logic controllers (PLCs), that are especially used in various critical infrastructure sites.
Other than hacking, Iran has also resorted to influence operations to achieve its geopolitical aims, combining offensive cyber operations in a multi-pronged approach.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
