Four Iranian nationals have been indicted for allegedly engaging in a multi-year cyber ops campaign targeting the U.S. State and Treasury departments, defense contractors and companies in New York. The Department of Justice unsealed the indictment in a Manhattan federal court, charging Hossein Harooni, Reza Kazemifar, Komeil Baradaran Salmani, and Alireza Shafie Nasab with computer fraud, conspiracy to commit wire fraud, wire fraud and other charges. The U.S. Department of State’s Rewards for Justice program is offering up to $10 million for information leading to the identification or location of the group and the defendants. The Treasury Department has also announced sanctions against the conspirators.
Attorney General Merrick B. Garland stated that criminal activity originating from Iran poses a serious threat to America’s national security and economic stability. The indictment alleges that the hackers were part of a coordinated campaign to conduct computer intrusions targeting American companies and the U.S. Treasury and State departments. The hackers tricked email recipients into clicking on links that infected computers with malware, compromising over 200,000 employee accounts at one company. The conspirators also gained unauthorized access to email accounts belonging to a defense contractor, allowing them to send out hacking campaigns.
The alleged hackers targeted cleared defense contractors, that is, companies holding a security clearance granted by the Department of Defense that enables them to access and store classified information. They also targeted an accounting firm and a hospitality company based in New York. Reza Kazemifar, Komeil Baradaran Salmani, and Alireza Shafie Nasab worked for a company that offered cybersecurity services in Iran, which the DOJ claims was a front for their operation. Kazemifar was responsible for testing the tools used in the campaigns and allegedly worked for the Iranian Organization for Electronic Warfare and Cyber Defense.
The indictment also alleges that Hossein Harooni procured, administered and managed the group’s infrastructure, including computer servers and software used in the hacking operations. He is accused of using a real person’s passport to conceal his role in the campaign. Komeil Baradaran Salmani and Alireza Shafie Nasab were charged with creating infrastructure used in social engineering campaigns to gain trust from victims before deploying malware on their computers and devices. All four conspirators face charges of conspiracy to commit computer fraud, conspiracy to commit wire fraud, wire fraud, and aggravated identity theft, with potential prison sentences ranging from five to 20 years.
The hackers targeted over a dozen U.S. companies, the U.S. Treasury, and the State Department in a series of campaigns from at least 2016 through April 2021. They were able to compromise employee accounts, establish unauthorized accounts, and send malicious links to individuals at various organizations. The indictment notes that the hackers were able to access email accounts belonging to defense contractors, resulting in the compromise of sensitive information. The cyber actors used various social engineering tactics to gain confidence from victims before deploying malware on their devices.
The U.S. government has taken action against the Iranian hackers, offering rewards for information leading to their identification or location and imposing sanctions on the conspirators. The indictment highlights the scope and severity of cyber threats originating from Iran, emphasizing the need for continued efforts to counter threats that endanger the American people and national security. The charges against the four conspirators demonstrate the U.S. government’s commitment to holding individuals accountable for engaging in malicious cyber activities.