Four Iranian nationals were indicted Tuesday for allegedly being part of a multi-year “malicious cyber ops” campaign targeting the U.S. State and Treasury departments, defense contractors and two companies in New York.
The Department of Justice (DOJ) unsealed the indictment in a Manhattan federal court, charging Hossein Harooni, Reza Kazemifar, Komeil Baradaran Salmani, and Alireza Shafie Nasab with computer fraud, conspiracy to commit wire fraud, wire fraud and other charges.
Along with the unsealing of the indictment against the four conspirators, the U.S. Department of State’s Rewards for Justice program (RFJ) announced it was offering up to $10 million for information leading to the identification or location of the group and the defendants, the DOJ said.
The Treasury Department also announced sanctions against the four conspirators and other cyber actors.
“Criminal activity originating from Iran poses a grave threat to America’s national security and economic stability,” Attorney General Merrick B. Garland said. “These defendants are alleged to have engaged in a coordinated, multi-year hacking campaign from Iran targeting more than a dozen American companies and the U.S. Treasury and State Departments. This case represents just one part of the U.S. government’s effort to counter the range of threats originating from Iran that endanger the American people.”
The indictment alleges that between at least 2016 through April 2021, Harooni, Kazemifar, Salmani, Nasab and others were part of a hacking organization accused of participating in a multi-year, coordinated campaign to conduct computer intrusions.
The hackers targeted over a dozen U.S. companies as well as the U.S. Treasury and U.S. State Department.
Kazemifar, Salmani and Nasab worked for Mahak Rayan Afraz, a company based in Iran that offered cybersecurity services, but the DOJ alleges the company was just a front for their operation.
Those targeted in the private sector were cleared by defense contractors with security clearance granted by the U.S. Department of Defense (DoD), allowing them to access, receive and store classified information to conduct activities in support of DoD programs.
The alleged hackers also targeted an accounting firm and a hospitality company, both located in New York.
NEW YORK LEGISLATURE HIT BY CYBERATTACK
While conducting the hacking campaigns, the conspirators tricked email recipients into clicking on links that turned out to be malicious and infected the computers with malware.
In one campaign, the group targeted one victim, which resulted in over 200,000 employee accounts becoming compromised.
The hackers conducted another campaign in which they targeted about 2,000 employee accounts, the DOJ said.
As the group continued with their attacks, the hackers were able to access an administrator’s email account belonging to a defense contractor. The access allowed the conspirators to establish unauthorized accounts that were used to send hacking campaigns to employees of another defense contractor and a consulting firm.
The indictment noted that Kazemifar was responsible for testing the tools used in the campaigns. He also allegedly worked for the Iranian Organization for Electronic Warfare and Cyber Defense (EWCD), which is part of the Islamic Revolutionary Guard Corps (IRGC).
The U.S. has designated the IRGC as a foreign terrorist organization.
Harooni, the indictment alleged, procured, administered and managed the group’s infrastructure – things like computer servers and software used to conduct the hacking operations.
FRENCH GOVERNMENT HIT WITH ‘UNPRECEDENTED’ WAVE OF CYBERATTACKS
He also allegedly used a real person’s passport to conceal his role in the campaign.
Salmani, like Kazemifar, tested the tools used to execute hacking campaigns, including that used against a hospitality company.
Nasab is accused of creating the infrastructure used in social engineering campaigns in which women were used to gain confidence from victims before deploying malware on their computers and devices.
All four conspirators were charged with conspiracy to commit computer fraud, conspiracy to commit wire fraud and wire fraud. They face up to five years in prison for computer fraud conspiracy and up to 20 years in prison for each count of wire fraud and conspiracy to commit wire fraud.
The DOJ said Harooni was also charged with knowingly damaging a protected computer, which has a maximum sentence of 10 years in prison if found guilty. The DOJ charged Harooni, Salmani and Nasab with aggravated identity theft, as well.