The
US
government
has
charged
and
sanctioned
four
Iranian
nationals
over
claims
they
carried
out
a
yearslong
hacking
campaign
against
US
government
agencies
and
companies.
It
also
accuses
the
group
of
waging
these
attacks
on
behalf
of
the
Iranian
government.
An
indictment
unsealed
on
Tuesday
alleges
that
from
around
2016
through
at
least
April
2021,
the
four
individuals
waged
cyberattacks
against
“more
than
a
dozen”
US-based
companies,
along
with
the
US
departments
of
the
Treasury
and
State.
The
companies
targeted
by
the
attacks
were
“primarily”
contractors
for
the
US
Department
of
Defense
that
had
access
to
sensitive
information.
The
indictment
names
Hossein
Harooni,
Reza
Kazemifar,
Komeil
Baradaran
Salmani,
and
Alireza
Shafie
Nasab
as
the
alleged
perpetrators.
Each
of
them
allegedly
worked
for
Mahak
Rayan
Afraz,
a
“front”
company
supporting
the
Iranian
Islamic
Revolutionary
Guard
Corps
Cyber
Electronic
Command
(IRGC-CEC).
The
IRGC-CEC
has
also
been
linked
to
last
year’s
cyberattacks
on
water
plants
in
the
US.
As
alleged
by
the
DOJ,
the
group
used
spearphishing
to
carry
out
their
cyberattacks,
which
involves
tricking
a
victim
into
clicking
on
a
malicious
link
that
installs
malware
on
their
computer.
The
group
allegedly
managed
to
access
an
administrator
account
belonging
to
a
defense
contractor,
allowing
them
to
create
additional
accounts
that
they
used
to
send
spearphishing
attempts
to
other
companies.
The
four
Iranian
nationals
are
also
accused
of
using
social
engineering
to
impersonate
people
“to
obtain
the
confidence
of
victims”
as
they
carried
out
their
attacks.
“Iranian
malicious
cyber
actors
continue
to
target
U.S.
companies
and
government
entities
in
a
coordinated,
multi-pronged
campaign
intended
to
destabilize
our
critical
infrastructure
and
cause
harm
to
our
citizens,”
Brian
Nelson,
the
Department
of
the
Treasury’s
undersecretary
for
terrorism
and
financial
intelligence,
says
in
a
statement.
“The
United
States
will
continue
to
leverage
our
whole-of-government
approach
to
expose
and
disrupt
these
networks’
operations.”
The
DOJ
has
charged
the
group
with
conspiracy
to
commit
computer
fraud,
conspiracy
to
commit
wire
fraud,
and
wire
fraud.
It’s
offering
an
up
to
$10
million
reward
for
anyone
with
information
leading
to
the
location
or
identification
of
the
four
individuals.
The
US
Department
of
Treasury
has
also
issued
sanctions
against
each
of
the
alleged
perpetrators
and
the
front
company
they
used
to
carry
out
their
attacks.
(Originally posted by Emma Roth)
Comments