SecurityWeek

$10 Million Bounty on Iranian Hackers for Cyberattacks on US Gov, Defense Contractors

Four Iranians are accused of hacking into critical systems at the Departments of Treasury and State and dozens of private US companies.

Four Iranian nationals were indicted in a Manhattan federal court on Tuesday, charged with conducting a sophisticated cyberespionage campaign targeting US government departments, defense contractors, and private firms. 

The defendants, who remain at large, are accused of targeting and hacking into critical systems at the Departments of Treasury and State and more than a dozen private US companies with access to defense-related information.

The four Iranians — Hossein Harooni, Reza Kazemifar, Komeil Baradaran Salmani, and Alireza Shafie Nasab — are accused of participating in a malware operation using spear-phishing and other hacking techniques to harvest hundreds of thousands of corporate employee accounts.

“During their campaigns against one victim, the group compromised more than 200,000 employee accounts. In another campaign, the conspirators targeted 2,000 employee accounts,” the Justice Department said. 

“The conspirators compromised an administrator email account belonging to a defense contractor. Access to this administrator account empowered the conspirators to create unauthorized accounts, which the conspirators then used to send spear-phishing campaigns to employees of a different defense contractor and a consulting firm,” the agency added.

The Justice Department accused the Iranians of employing additional social engineering techniques that included the impersonation of women to obtain the confidence of victims. “These social engineering contacts were another means of conspiracy used to deploy malware onto victim computers and compromise those devices and accounts,” the agency added.

According to the unsealed indictment, the hacking group’s private sector victims were primarily cleared defense contractors, which are companies that have been granted security clearances by the US Department of Defense to access, receive, and store classified information.

The group was also accused of targeting a New York-based accounting firm and a New York-based hospitality company. 

The hackers identified in the indictment have been linked to the Iranian Organization for Electronic Warfare and Cyber Defense (EWCD), a component of the Islamic Revolutionary Guard Corps (IRGC).

Alongside the unsealing of the indictment, the Department of State announced a $10 million reward for information leading to their capture and the Treasury Department imposed sanctions on the individuals involved.

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
