MANHATTAN, NY - On Tuesday, April 22nd, four Iranian nationals were indicted for their part in a multi-year cyber campaign targeting the U.S. State and Treasury departments, defense contractors, and two companies out of New York.
According to Fox News, the Department of Justice (DOJ) unsealed the indictment in a Manhattan federal court, charging the four Iranian nationals with computer fraud, conspiracy to commit wire fraud, wire fraud, and other charges. The individuals charged have been identified as Hossein Harooni, Reza Kazemifar, Komeil Baradaran Salmani, and Alireza Shafie Nasab.
The press release from the DOJ also states that Nasab was charged for the same conduct in a previous indictment that was unsealed on February 29th. All four defendants remain at large. The press release said, "Concurrent with today's unsealing, the U.S. Department of State's Rewards for Justice Program (RFJ) is offering a reward of up to $10 million for information leading to the identification or location of the group and the defendants."
In a statement, Attorney General Merrick B. Garland said, "Criminal activity originating from Iran poses a grave threat to America's national security and economic stability. These defendants are alleged to have engaged in a coordinated, multi-year hacking campaign from Iran targeting more than a dozen American companies and the U.S. Treasury and State Departments. This case represents just one part of the U.S. government's effort to counter the range of threats originating from Iran that endanger the American people."
In a separate statement, FBI Director Christopher Wray said, "The FBI is constantly working to detect and counter cyber campaigns like the one described in today's indictment. From enabling lethal plots and repressing our citizens and residents to targeting our critical infrastructure, we've often seen the trail of dangerous cyber-criminal activity lead back to Iran."
The indictment alleges that from at least 2016 through April 2021, Harooni, Kazemifar, Salmani, Nasab, and others were part of a hacking organization accused of participating in a multi-year, coordinated campaign to conduct computer intrusions. Kazemifar, Salmani, and Nasab worked for Mahak Rayan Afraz, a company based in Iran that offered cybersecurity services. However, the DOJ alleges that the company was just a front for their operation.
According to the DOJ, the hacking group's private sector victims were primarily cleared defense contractors, which are companies that have been granted security clearances by the U.S. Department of Defense (DoD) to "access, receive, and store classified information for the purpose of conducting activities in support of U.S. Department of Defense programs."
The group also targeted a New York-based accounting firm and a New York-based hospitality company. DOJ said, "In conducting their hacking campaigns, the group used spearphishing — tricking an email recipient into clicking on a malicious link — to infect victim computers with malware. During their campaigns against one victim, the group compromised more than 200,000 employee accounts. In another campaign, the conspirators targeted 2,000 employee accounts."
Additionally, the DOJ said, "In the course of these spearphishing attacks, the conspirators compromised an administrator email account belonging to a defense contractor (Defense Contractor-1). Access to this administrator account empowered the conspirators to create unauthorized Defense Contractor-1 accounts, which the conspirators then used to send spearphishing campaigns to employees of a different defense contractor and a consulting firm."
The indictment noted that Kazemifar was responsible for testing the tools used in the campaigns. He also allegedly worked for the Iranian Organization for Electronic Warfare and Cyber Defense (EWCD), which is part of the Islamic Revolutionary Guard Corps (IRGC). The U.S. has designated the IRGC as a foreign terrorist organization.
The indictment alleges that Harooni procured, administered, and managed the group's infrastructure, including computer servers and the software used to conduct the hacking operations. He also allegedly used a real person's passport to conceal his role in the campaign. Salmani, like Kazemifar, tested the tools used to execute the hacking campaigns, including the one used against a hospitality company.
Nasab has been accused of creating the infrastructure used in social engineering campaigns in which women were used to gain the confidence of victims before deploying malware on their computers and devices. If convicted, all four face up to five years in prison for computer fraud conspiracy and up to 20 years in prison for each count of wire fraud and conspiracy to commit wire fraud.
The DOJ said that Harooni was also charged with knowingly damaging a protected computer, which has a maximum sentence of 10 years in prison if found guilty. Harooni, Salmani, and Nasab have also been charged with aggravated identity theft.
In a statement, Assistant Attorney General Matthew G. Olsen of the Department of Justice's National Security Division said, "Today's charges pull back the curtain on an Iran-based company that purported to provide 'cybersecurity services' while in actuality scheming to compromise U.S. private and public sector computer systems, including through spearphishing and social engineering attacks."