24 April 2024

US charges four Iranian hackers for cyber intrusions


The US authorities have charged four Iranian nationals for their alleged involvement in a sophisticated multi-year cyber campaign targeting both government and private entities, including systems of the US Departments of the Treasury and State, defense contractors, and various New York-based companies.

According to the charges, the accused were part of a hacking organization engaged in coordinated computer intrusions from at least 2016 through April 2021. The group used spearphishing to infect victims’ computers with malware. It also utilized social engineering tactics, including impersonation, to gain the trust of their victims. By impersonating individuals, often women, they were able to deploy malware onto victim computers and compromise accounts.

During the campaigns, the hackers compromised over 200,000 employee accounts in one instance and targeted 2,000 employee accounts in another, the authorities said.

One of the accused, Reza Kazemifar, was tasked with testing tools for the group. He was also working for the Iranian Organization for Electronic Warfare and Cyber Defense, a division of the Islamic Revolutionary Guard Corps (IRGC), designated by the US as a foreign terrorist organization.

Hossein Harooni, another defendant, was responsible for managing the online network infrastructure used in the cyber intrusions. Komeil Baradaran Salmani was tasked with testing tools for spearphishing campaigns and maintaining infrastructure used by the conspirators, while Alireza Shafie Nasab was responsible for procuring infrastructure, including registering server and email accounts using falsified identities.

All defendants remain at large. The US Department of State has announced a reward of up to $10 million for information on Reza Kazemifar, Hossein Harooni, Komeil Baradaran Salmani, and two Iran-based front companies.

Additionally, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned two companies and four individuals involved in malicious cyber activity on behalf of the IRGC.
