The Department of Justice (DOJ) unsealed an indictment on Tuesday charging several Iranians with conducting a massive cyber campaign to compromise the U.S. government.
Four Iranian nationals, including one who worked for an Islamic Revolutionary Guard Corps (IRGC) unit, face up to 25 years in prison for their role in waging a multi-year cyber attack campaign against the Departments of State and Treasury and a number of defense contractors. Iran is the world’s largest state sponsor of terrorism and an adversary to the U.S., and has previously been credibly accused of waging cyber warfare against American targets.
“The FBI is constantly working to detect and counter cyber campaigns like the one described in today’s indictment. From enabling lethal plots and repressing our citizens and residents to targeting our critical infrastructure, we’ve often seen the trail of dangerous cyber-criminal activity lead back to Iran,” FBI Director Christopher Wray said on Tuesday.
“Criminal activity originating from Iran poses a grave threat to America’s national security and economic stability,” Attorney General Merrick Garland said Tuesday. “This case represents just one part of the U.S. government’s effort to counter the range of threats originating from Iran that endanger the American people.”
The four Iranian hackers — Hossein Harooni, Reza Kazemifar, Komeil Baradaran Salmani and Alireza Shafie — participated in a hacking organization from at least 2016 to 2021. During hacking operations, the nationals targeted several victims across over a dozen American companies and the Treasury and State departments.
Through spear phishing tactics, the hackers tricked unsuspecting victims into clicking email links and spread malware to over 202,000 accounts from at least 2016 to 2021. In one instance, the hackers gained access to a defense contractor’s email account and used it to send more malware through spear phishing tactics to another contractor and a consulting firm.
In other cases, the hackers would orchestrate “social engineering” campaigns, posing as other people — generally women — to gain the “confidence” of their victims, according to the DOJ.
Harooni was tasked with building and managing the hackers’ online network, Salmani tested the spear phishing tools used to propagate cyber attacks and Nasab was responsible for acquiring the infrastructure used in the operations, according to the DOJ. Kazemifar tested cyber attack tools, chiefly those used in spear phishing campaigns, and previously worked for the IRGC’s electronic and cyber warfare unit.
The hackers face up to 25 years in prison if convicted on wire and computer fraud charges, though Harooni could face an additional ten years if convicted on charges that he knowingly damaged a protected computer. All four defendants are at large, and the U.S. is offering up to $10 million for information as to their whereabouts or identities.