The US Department of Justice has unsealed an indictment charging three Iranian nationals for conducting cyberattacks on behalf of Iran’s Islamic Revolutionary Guard Corps (IRGC) aimed at stealing critical information related to U.S. aerospace and satellite technology and resources.
The suspects are Said Pourkarim Arabi, 34, Mohammad Reza Espargham, 25, and Mohammad Bayati, 34. The DoJ alleges that from approximately July 2015 until at least February 2019 the defendants conducted hacking campaigns against numerous companies and organizations in the United States and abroad.
“The defendants at one time possessed a target list of over 1,800 online accounts, including accounts belonging to organizations and companies involved in aerospace or satellite technology and international government organizations in Australia, Israel, Singapore, the United States, and the United Kingdom,” according to the DoJ’s press release.
The accused allegedly used social engineering to identify real United States citizens working in the satellite and aerospace fields, and then, using the stolen identities of those individuals, registered email addresses and used them to purchase domains and hacking tools for use in their attacks.
The men targeted victims with spear-phishing emails disguised as messages from the individuals whose identities the defendants had stolen. The emails contained malicious links which, when clicked, downloaded malware onto the victim's machine.
The hackers used additional tools to maintain access to compromised systems, elevate their privileges and steal valuable data.
“Using these methods, the defendants successfully compromised multiple victim networks, resulting in the theft of sensitive commercial information, intellectual property, and personal data from victim companies, including a satellite-tracking company and a satellite voice and data communication company,” the DoJ said.
The Iranians face various charges, including conspiracy to commit computer intrusions, obtaining information by unauthorized access to protected computers, intentional damage to protected computers, aggravated identity theft, and conspiracy to commit wire fraud.