Four Iranian nationals were indicted in Manhattan federal court on Tuesday, charged with conducting a sophisticated cyber-espionage campaign targeting U.S. government departments, defense contractors, and private firms.
The defendants, who remain at large, are accused of targeting and hacking into critical systems at the Departments of Treasury and State and more than a dozen private U.S. companies with access to defense-related information.
The four Iranians — Hossein Harooni, Reza Kazemifar, Komeil Baradaran Salmani, and Alireza Shafie Nasab — are accused of participating in a malware operation using spear-phishing and other hacking techniques to harvest hundreds of thousands of corporate employee accounts.
“During their campaigns against one victim, the group compromised more than 200,000 employee accounts. In another campaign, the conspirators targeted 2,000 employee accounts,” the Justice Department said.
“The conspirators compromised an administrator email account belonging to a defense contractor. Access to this administrator account empowered the conspirators to create unauthorized accounts, which the conspirators then used to send spear-phishing campaigns to employees of a different defense contractor and a consulting firm,” the agency added.
The Justice Department accused the Iranians of employing additional social engineering techniques that included the impersonation of women to obtain the confidence of victims. “These social engineering contacts were another means of conspiracy used to deploy malware onto victim computers and compromise those devices and accounts,” the agency added.
According to the unsealed indictment, the hacking group’s private sector victims were primarily cleared defense contractors, which are companies that have been granted security clearances by the U.S. Department of Defense to access, receive, and store classified information.
The group was also accused of targeting a New York-based accounting firm and a New York-based hospitality company.
The hackers identified in the indictment have been linked to the Iranian Organization for Electronic Warfare and Cyber Defense (EWCD), a component of the Islamic Revolutionary Guard Corps (IRGC).
Alongside the unsealing of the indictment, the Department of State announced a $10 million reward for information leading to their capture and the Treasury Department imposed sanctions on the individuals involved.
Source: securityweek.com