Four Iranian nationals charged in cyber campaign against US firms

The US Department of Justice (DoJ) Tuesday charged four Iranian nationals for their involvement in a multi-year cyber campaign that, allegedly, targeted US companies with access to military defense information. Now, they're offering a $10 million reward to anyone who can help find them.

The four men – all in their 30s and still at large – are accused of trying to hack into more than a dozen US companies, including a New York-based accounting firm, a New York-based hospitality company, as well as the US Treasury and State Departments from roughly 2016 through 2021.

The suspects worked for an Iranian-based company (Mahak Rayan Afraz), which claimed to provide cybersecurity services to its target victims, but was actually an illegal front used to carry out the cyber espionage operations.

“As alleged, the defendants participated in a cyber campaign using spearphishing and other hacking techniques in an attempt to compromise private companies with access to defense-related information,” said US Attorney Damian Williams for the Southern District of New York.

In spearphishing attacks, realistic-looking emails containing malicious links are sent to targeted victims. The victim is tricked into clicking on the link, which then infects their computer with malware.

According to the DoJ, the group compromised more than 200,000 employee accounts at one company and targeted 2,000 employee accounts at another.

In general, the suspects gained administrative privileges at one defense contractor, created several fake accounts, and used those accounts to target other defense contractors and consulting firms, often posing as females to obtain the confidence of victims, the court documents showed.

Hackers tied to Iranian gov

During the multi-year campaign, one of the named suspects, Reza Kazemifa, was said to have worked for the Iranian Organization for Electronic Warfare and Cyber Defense (EWCD), an arm of the Islamic Revolutionary Guard Corps (IRGC), which is a US-designated terror organization.

The other defendants – identified as Hossein Harooni, Alireza Nasab, and Komeil Salmani – were said to have helped manage the group’s online network infrastructure, including computer servers and customized software tools used to facilitate the computer intrusions.

The Justice Department is offering a $10 million reward for any information leading to the defendants.

“From enabling lethal plots and repressing our citizens and residents to targeting our critical infrastructure, we’ve often seen the trail of dangerous cyber-criminal activity lead back to Iran,” said FBI Director Christopher Wray.

The defendants are each charged with conspiracy to commit computer fraud, conspiracy to commit wire fraud, and wire fraud, among other individual charges, such as damaging a protected computer and aggravated identity theft.

If convicted, they face up to twenty-five years in prison for the computer fraud conspiracy, and up to 20 years in prison for each count of wire fraud and conspiracy to commit wire fraud, the DoJ stated.

Additionally, the Treasury Department announced sanctions against EWCD and another Iranian-based company – Dadeh Afzar Arman (DAA) – also a front for Iran’s military guard. Sanctions covered the four defendants and several other accused nationals.

“The Department is committed to using a whole-of-government approach to disrupt such malicious activities and impose consequences on the individuals that carry them out,” said Assistant Attorney General Matthew G. Olsen of the DoJ’s National Security Division.

“Employees that continue to work at these companies risk arrest and prosecution or a lifetime as an international fugitive from justice,” Olsen said.

More from Cybernews:

Apple expected to launch revamped iPad model at May 7 event

Double-extorted Change Healthcare says “a substantial proportion” of Americans exposed

HelloKitty ransomware rebranded and back in business, looking for employees

Startup raising money to manufacture invisibility shields

Airchat – the latest social networking platform for audio communication – review

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked