The Department of Justice (DOJ) unsealed an indictment on Tuesday charging several Iranians for conducting a massive cyber campaign to compromise the U.S. government.

Four Iranian nationals, including one who worked for an Islamic Revolutionary Guard Corps (IRGC) unit, face up to 25 years in prison for their role in waging a multi-year cyber attack campaign against the Departments of State and Treasury and a number of defense contractors. Iran is the world’s largest state sponsor of terrorism, an adversary to the U.S., and has previously been credibly accused of waging cyber warfare against American targets.

“The FBI is constantly working to detect and counter cyber campaigns like the one described in today’s indictment. From enabling lethal plots and repressing our citizens and residents to targeting our critical infrastructure, we’ve often seen the trail of dangerous cyber-criminal activity lead back to Iran,” FBI Director Christopher Wray said on Tuesday.

Justice Department Charges Four Iranian Nationals for Multi-Year Cyber Campaign Targeting U.S. Companies

During the Course of the Conspiracy, One Defendant Also Worked for an IRGC Electronic Warfare and Cyber Defense Unit

: https://t.co/kYt4twk3Mk pic.twitter.com/LxkPAL4vmw

— National Security Division, U.S. Dept of Justice (@DOJNatSec) April 23, 2024

“Criminal activity originating from Iran poses a grave threat to America’s national security and economic stability,” Attorney General Merrick Garland said Tuesday. “This case represents just one part of the U.S. government’s effort to counter the range of threats originating from Iran that endanger the American people.”

The four Iranian hackers — Hossein Harooni, Reza Kazemifar, Komeil Baradaran Salmani, and Alireza Shafie — participated in a hacking organization from at least 2016 to 2021. During hacking operations, the nationals targeted several victims across over a dozen American companies and the Treasury and State departments.

Through spear phishing tactics, the hackers tricked victims into clicking unsuspecting email links and spread malware to over 202,000 accounts from at least 2016 to 2021. In one instance the hackers gained access to a defense contractor’s email account and used it to send more malware through spear phishing tactics to another contractor and a consulting firm.

In other cases, the hackers would orchestrate “social engineering” campaigns, posing as other people — generally women — to gain the “confidence” of their victims, according to the DOJ.

Harooni was tasked with building and managing the hackers’ online network, Salmani tested the spear phishing tools used to propagate cyber attacks and Nasab was responsible for acquiring the infrastructure used in the operations, according to the DOJ. Kazemifar tested cyber attack tools, chiefly those used in spear phishing campaigns, and previously worked for the IRGC’s electronic and cyber warfare unit.

The hackers face up to 25 years in prison if convicted on wire and computer fraud charges, though Harooni could face an additional ten years if convicted on charges that he knowingly damaged a protected computer. All four defendants are at large and the U.S. is offering up to $10 million of information as to their whereabouts or identities.

• About
• Latest Posts

Jake Smith

Latest posts by Jake Smith (see all)

• ‘There would be a court process’: UK signals it would arrest Netanyahu if he visits - November 25, 2024
• This country is cracking down on social media speech — and it’s not China or Russia - November 22, 2024
• ‘We already did everything possible’: North Korea gives Trump cold shoulder, signals zero interest in renewing talks - November 22, 2024

Comment

We have no tolerance for comments containing violence, racism, profanity, vulgarity, doxing, or discourteous behavior. Thank you for partnering with us to maintain fruitful conversation.