24 April 2024

US charges four Iranian hackers for cyber intrusions



US authorities have charged four Iranian nationals for their alleged involvement in a sophisticated multi-year cyber campaign targeting both government and private entities, including systems of the US Departments of the Treasury and State, defense contractors, and various New York-based companies.

According to the charges, the accused were part of a hacking organization engaged in coordinated computer intrusions from at least 2016 through April 2021. The group used spearphishing to infect victims’ computers with malware. It also used social engineering tactics, including impersonation, to gain the trust of its victims. By impersonating individuals, often women, the hackers were able to deploy malware onto victim computers and compromise accounts.

During the campaigns, the hackers compromised over 200,000 employee accounts in one instance and targeted 2,000 employee accounts in another, the authorities said.

One of the accused, Reza Kazemifar, was tasked with testing tools for the group. He was also working for the Iranian Organization for Electronic Warfare and Cyber Defense, a division of the Islamic Revolutionary Guard Corps (IRGC), designated by the US as a foreign terrorist organization.

Hossein Harooni, another defendant, was responsible for managing the online network infrastructure used in the cyber intrusions. Komeil Baradaran Salmani was tasked with testing tools for spearphishing campaigns and maintaining infrastructure used by the conspirators, while Alireza Shafie Nasab was responsible for procuring infrastructure, including registering server and email accounts using falsified identities.

All defendants remain at large. The US Department of State has announced a reward of up to $10 million for information on Reza Kazemifar, Hossein Harooni, Komeil Baradaran Salmani, and two Iran-based front companies.

Additionally, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned two companies and four individuals involved in malicious cyber activity on behalf of the IRGC.
