US Justice Dept indicts Iranian nationals for 'hack-and-leak' attacks against Trump campaign


The US Department of Justice (DoJ) on Friday indicted three Iranian nationals for allegedly engaging in a ‘hack and leak’ scheme targeting the Trump and Biden campaigns in an effort to influence the upcoming US presidential election.

Besides Trump and Biden campaign workers, the wide-ranging hacking campaign has gone after current or former senior government officials, senior think tank personnel, journalists, activists, and lobbyists since 2019, and continues today, the DoJ said.

Justice officials said the three men, Masoud Jalili (36), Seyyed Ali Aghamiri (34), and Yaser Balaghi (37), were working on behalf of the Islamic Revolutionary Guard Corps (IRGC), which was designated as a foreign terrorist organization by the US in 2019.

According to the DoJ, the goal of the years-long Iranian “hack and leak” campaign was to steal sensitive information, undermine confidence in the US election process, and support the IRGC's ongoing efforts, including retaliation for the 2020 death of Qasem Soleimani, a former IRGC commander.

“Today’s charges represent the culmination of a thorough and long-running FBI investigation,” FBI Director Christopher Wray said, emphasizing the gravity of the threat posed by state-sponsored hacking campaigns.

“The conduct laid out in the indictment is just the latest example of Iran’s brazen behavior. So today the FBI would like to send a message to the Government of Iran – you and your hackers can’t hide behind your keyboards,” he said.

Last month, several US media outlets began to report they had been receiving emails from anonymous accounts containing sensitive documents from Trump’s campaign.

Around the same time, Microsoft had released a report stating it found Iranian hackers had broken into the account of a ‘high ranking official’ on the US presidential campaign a few months earlier.

A spokesperson for Trump quickly blamed the Iranian hackers identified by Microsoft for the breach of Trump campaign documents, with the combination of events adding to the DoJ investigation.

“The Justice Department is working relentlessly to uncover and counter Iran’s cyberattacks aimed at stoking discord, undermining confidence in our democratic institutions, and influencing our elections,” said Attorney General Merrick B. Garland.

“The American people – not Iran, or any other foreign power – will decide the outcome of our country’s elections,” Garland said.

Hackers used targeted spearphishing attacks and VPNs

The DoJ said the hackers had previously been focused on compromising the accounts of former U.S. officials, but had recently ramped up efforts to hack the personal accounts of those linked to the 2024 US presidential campaign, particularly the campaign of Republican presidential candidate and former US President Donald Trump, which is referred to in the indictment as "U.S. Presidential Campaign 1."

In late June and early July, the hackers gained unauthorized access to sensitive Trump campaign documents and emails, then attempted to weaponize the stolen information by leaking it not only to the media, but also to the rival Biden camp, aka "U.S. Presidential Campaign 2."

[Image: Iranian hacker US election FBI poster. Source: US Department of Justice]

To note, President Joe Biden dropped out of the 2024 presidential race on July 21st, while Vice President Kamala Harris did not officially become the new Democratic presidential candidate until August 2nd.

The hackers were said to have used spearphishing and social engineering attacks to compromise their victims' computers and accounts, and obtain victims’ login information and multi-factor recovery/authentication codes.

The criminals would create spoofed login pages to harvest account credentials, and would create fake email accounts in the names of prominent US persons and international institutions to phish victims – all while using VPNs to mask their identities.

Despite the hackers' efforts, there is no indication that any of the targeted victims – including from either the Trump or the Biden/Harris campaign – replied to any of the hackers' phishing attempts.

Broader implications for Iran-US relations

The DoJ says the case underscores Iran's broader cyber operations aimed at disrupting US interests and institutions.

The indictment further alleges the suspects tried to interfere with US Middle East policy by hacking the email accounts of former US officials and obtaining information about the whereabouts and policy positions of other key officials.

This information was thought to have been used by the IRGC to target those key US officials.

“These hack-and-leak efforts by Iran are a direct assault on the integrity of our democratic processes,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division.

“Iranian government actors have long sought to use cyber-enabled means to harm U.S. interests…and interfere with our free and open society,” Olsen said.

The trio now faces several charges, including conspiracy to commit identity theft, unauthorized access to computers, and wire fraud.

They could face up to 27 years in prison for some of the charges, with additional penalties for providing support to a designated foreign terrorist organization.

Along with today’s announcement, the Department of State issued a reward of up to $10 million for any information on any of the men, the hacking operation, and associated individuals and entities.

The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) further issued sanctions against Jalili, as part of a group of seven Iranians sanctioned for taking part in US election interference and malicious cyber-enabled operations.