The US government has charged and sanctioned four Iranian nationals over claims they carried out a yearslong hacking campaign against US government agencies and companies. It also accuses the group of waging these attacks on behalf of the Iranian government.
An indictment unsealed on Tuesday alleges that from around 2016 through at least April 2021, the four individuals waged cyberattacks against “more than a dozen” US-based companies, including the US departments of the Treasury and State. The businesses targeted by the attacks were “primarily” contractors for the US Department of Defense that had access to sensitive information.
The indictment names Hossein Harooni, Reza Kazemifar, Komeil Baradaran Salmani, and Alireza Shafie Nasab as the alleged perpetrators. Each of them allegedly worked for Mahak Rayan Afraz, a “front” company supporting the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC). The IRGC-CEC has also been linked to last year’s cyberattacks on water plants in the US.
As alleged by the DOJ, the group used spearphishing to carry out their cyberattacks, which involves tricking a victim into clicking on a malicious link that installs malware on their computer. The group allegedly managed to access an administrator account belonging to a defense contractor, allowing them to create additional accounts that they used to send spearphishing attempts to other companies. The four Iranian nationals are also accused of using social engineering to impersonate people “to obtain the confidence of victims” as they carried out their attacks.
“Iranian malicious cyber actors continue to target U.S. companies and government entities in a coordinated, multi-pronged campaign intended to destabilize our critical infrastructure and cause harm to our citizens,” Brian Nelson, the Department of the Treasury’s undersecretary for terrorism and financial intelligence, says in a press release. “The United States will continue to leverage our whole-of-government approach to expose and disrupt these networks’ operations.”
The DOJ has charged the group with conspiracy to commit computer fraud, conspiracy to commit wire fraud, and wire fraud. It’s offering a reward of up to $10 million for anyone with information leading to the location or identification of the four individuals. The US Department of the Treasury has also issued sanctions against each of the alleged perpetrators and the front company they used to carry out their attacks.