SecurityWeek

US Charges 3 Iranians Over Presidential Campaign Hacking

The US has announced charges, sanctions and a $10 million reward for Iranian hackers accused of targeting elections.

The United States on Friday announced charges, sanctions and rewards in response to recent Iranian hacking operations targeting the 2024 election. 

It came to light in recent months that Iran has been running a cyber campaign targeting the upcoming US presidential election. Hackers linked to Iran have targeted the Biden, Trump and Harris campaigns, and they even offered sensitive information stolen from the Trump campaign to the Biden campaign. 

Unlike Russia, which seems to favor Donald Trump in the upcoming election, Iran is believed to oppose Trump’s reelection and is attempting to undermine his campaign. 

The US Justice Department on Friday announced charges against three employees of Iran’s Islamic Revolutionary Guard Corps (IRGC) over hacking attacks that targeted not only the presidential campaigns, but also current and former US officials, NGOs, and members of the media.

The US says Tehran has been relying on cyberattacks and other cyber-enabled operations to influence and sow distrust in elections, and to obtain information that could be used to “further advance the malign activities of the IRGC”, including to avenge the death of Iranian General Qasem Soleimani, who was killed in 2020 by a US drone strike in Baghdad.

The three IRGC employees charged by the US are Masoud Jalili, 36, Seyyed Ali Aghamiri, 34, and Yaser Balaghi, 37. 

According to the DoJ, they have been involved in IRGC hacking campaigns since at least January 2020, leveraging spear-phishing, social engineering and other techniques in an attempt to compromise computers and accounts. Some of their efforts were successful, while others failed. 

Attempts to provide information stolen from the Trump campaign to members of the media and the Biden campaign were described by authorities as a ‘hack-and-leak’ operation. 

Jalili, Aghamiri, and Balaghi have been charged with conspiracy to commit identity theft, aggravated identity theft, unauthorized access to computers, access device fraud, and wire fraud.

The Iranian hacking operation targeting the US presidential election has been linked to a threat group tracked as APT42, whose activities were disrupted by Google earlier this year.

In addition to the charges announced by the Justice Department, the State Department is offering a reward of up to $10 million for information on the three alleged hackers, and announced sanctions against them and several others. 

“APT42 is just one of the many actors working for the IRGC, Iran’s aggressive and globally focused security service. They control multiple contractors who have carried out many of the most audacious cyber incidents we have seen in the Middle East, Europe, and the U.S., including activity during this and previous presidential election cycles. This activity is just one example of their tactics, which are constantly evolving,” said John Hultquist of the Google Threat Intelligence Group.

“In addition to leaks, IRGC actors regularly leverage destructive attacks, faked content, and threats delivered to citizens en masse. They regularly assume the guise of hacktivists or criminals and have increasingly targeted random individuals through email and even text messages. Most of this activity is designed to undermine trust in security, and is used to attack confidence in elections in particular,” Hultquist added.

Agencies in the UK and US on Friday issued a joint alert warning at-risk individuals about phishing attempts conducted by Iranian hackers. 

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
