Four Iranian nationals were indicted for being part of a multi-year cyber campaign targeting the U.S. State and Treasury departments, defense contractors, and companies in New York. The Department of Justice unsealed the indictment in a Manhattan federal court, charging the individuals with computer fraud, wire fraud conspiracy, and other offenses. The DOJ also announced Rewards for Justice program offering up to $10 million for information leading to the identification or location of the group and defendants. The Treasury Department imposed sanctions against the conspirators and other cyber actors.
Attorney General Merrick B. Garland emphasized the grave threat that criminal activity originating from Iran poses to America’s national security and economic stability. The four defendants were accused of engaging in a hacking campaign targeting American companies, U.S. Treasury, and State Departments. The indictment revealed that between 2016 and April 2021, the hackers conducted computer intrusions as part of a coordinated effort. The private sector companies targeted had security clearance from the U.S. Department of Defense, allowing access to classified information to support DoD programs.
The hackers used a front company in Iran, Mahak Rayan Afraz, to offer cybersecurity services while conducting malicious cyber activities. By tricking email recipients into clicking on links that were infected with malware, the group compromised thousands of employee accounts. They also targeted an accounting firm and a hospitality company in New York. One campaign resulted in over 200,000 employee accounts being compromised, while another targeted approximately 2,000 employee accounts. Through unauthorized accounts, the hackers sent out additional hacking campaigns to employees of a defense contractor and consulting firm.
The indictment detailed the roles of the defendants in the hacking operation. Kazemifar was responsible for testing tools used in the campaigns and allegedly worked for the Iranian Organization for Electronic Warfare and Cyber Defense, part of the Islamic Revolutionary Guard Corps. Harooni managed the group’s infrastructure and used a stolen passport to conceal his involvement. Salmani tested hacking tools, including those used against a hospitality company, while Nasab created infrastructure for social engineering campaigns targeting victims.
All four conspirators were charged with conspiracy to commit computer fraud, conspiracy to commit wire fraud, and wire fraud offenses. They faced up to five years in prison for computer fraud conspiracy and up to 20 years for each count of wire fraud and conspiracy to commit wire fraud. Harooni was also charged with knowingly damaging a protected computer, which carries a maximum sentence of 10 years in prison if found guilty. The DOJ also charged Harooni, Salmani, and Nasab with aggravated identity theft.
