The U.S. government has charged and imposed sanctions on four Iranian nationals for allegedly carrying out a years-long hacking campaign against U.S. government agencies and companies. It also accuses the group of carrying out these attacks on behalf of the Iranian government.
An indictment unsealed Tuesday alleges that the four individuals carried out cyberattacks against “more than a dozen” U.S.-based companies and the U.S. Treasury and State departments from about 2016 through at least April 2021. The companies targeted in the attacks were “primarily” US Department of Defense contractors who had access to sensitive information.
The indictment names Hossein Harooni, Reza Kazemifar, Komeil Baradaran Salmani and Alireza Shafie Nasab as the alleged perpetrators. Each of them allegedly worked for Mahak Rayan Afraz, a “front company” supporting the Cyber Electronic Command (IRGC-CEC) of Iran’s Islamic Revolutionary Guard Corps. The IRGC-CEC has also been linked to the cyberattacks on water facilities in the US last year.
The Justice Department alleges that the group used spearphishing in its cyberattacks, in which a victim was tricked into clicking on a malicious link that installed malware on their computer. The group allegedly managed to access a defense contractor’s administrator account, allowing them to create additional accounts through which they could send spearphishing attempts to other companies. The four Iranian nationals are also accused of using social engineering to impersonate people “to gain the trust of victims” when carrying out their attacks.
“Iranian malicious cyber actors continue to target U.S. companies and government entities in a coordinated, multi-pronged campaign designed to destabilize our critical infrastructure and harm our citizens,” said Brian Nelson, Under Secretary for Terrorism and Financial Intelligence at the Treasury Department. it says in a statement. “The United States will continue to use our cross-government approach to uncover and disrupt the operations of these networks.”
The Justice Department has charged the group with conspiracy to commit computer fraud, conspiracy to commit wire fraud and wire fraud. A reward of up to $10 million is being offered for anyone with information on the location or identification of the four people. The US Treasury Department has also imposed sanctions on each of the alleged perpetrators and the front company they used to carry out their attacks.