The US government has charged and sanctioned four Iranian nationals over claims they carried out a yearslong hacking campaign against US government agencies and companies. It also accuses the group of waging these attacks on behalf of the Iranian government.
An indictment unsealed on Tuesday alleges that from around 2016 through at least April 2021, the four individuals waged cyberattacks against “more than a dozen” US-based companies, along with the US departments of the Treasury and State. The companies targeted by the attacks were “primarily” contractors for the US Department of Defense that had access to sensitive information.
The indictment names Hossein Harooni, Reza Kazemifar, Komeil Baradaran Salmani, and Alireza Shafie Nasab as the alleged perpetrators. Each of them allegedly worked for Mahak Rayan Afraz, a “front” company supporting the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC). The IRGC-CEC has also been linked to last year’s cyberattacks on water plants in the US.
As alleged by the DOJ, the group carried out their cyberattacks using spearphishing, which involves tricking a victim into clicking on a malicious link that installs malware on their computer. The group allegedly managed to access an administrator account belonging to a defense contractor, allowing them to create additional accounts that they used to send spearphishing attempts to other companies. The four Iranian nationals are also accused of using social engineering to impersonate people “to obtain the confidence of victims” as they carried out their attacks.
“Iranian malicious cyber actors continue to target U.S. companies and government entities in a coordinated, multi-pronged campaign intended to destabilize our critical infrastructure and cause harm to our citizens,” Brian Nelson, the Department of the Treasury’s undersecretary for terrorism and financial intelligence, says in a statement. “The United States will continue to leverage our whole-of-government approach to expose and disrupt these networks’ operations.”
The DOJ has charged the group with conspiracy to commit computer fraud, conspiracy to commit wire fraud, and wire fraud. It’s offering a reward of up to $10 million for anyone with information leading to the location or identification of the four individuals. The US Department of the Treasury has also issued sanctions against each of the alleged perpetrators and the front company they used to carry out their attacks.