US Charges 3 Iranians Over Presidential Campaign Hacking

The US has announced charges, sanctions and a $10 million reward for Iranian hackers accused of targeting elections.

The United States on Friday announced charges, sanctions and rewards in response to recent Iranian hacking operations targeting the 2024 election. 

It came to light in recent months that Iran has been running a cyber campaign targeting the upcoming US presidential election. Hackers linked to Iran have targeted the Biden, Trump and Harris campaigns, and they even offered sensitive information stolen from the Trump campaign to the Biden campaign. 

Unlike Russia, which seems to favor Donald Trump in the upcoming election, Iran is believed to oppose Trump’s reelection and is attempting to undermine his campaign. 

The US Justice Department on Friday announced charges against three employees of Iran's Islamic Revolutionary Guard Corps (IRGC) over hacking attacks targeting not only the presidential campaigns, but also current and former US officials, NGOs, and members of the media.

The US says Tehran has been relying on cyberattacks and other cyber-enabled operations to influence and sow distrust in elections, and to obtain information that could be used to “further advance the malign activities of the IRGC”, including to avenge the death of Iranian General Qasem Soleimani, who was killed in 2020 by a US drone strike in Baghdad.

The three IRGC employees charged by the US are Masoud Jalili, 36, Seyyed Ali Aghamiri, 34, and Yaser Balaghi, 37. 

According to the DoJ, they have been involved in IRGC hacking campaigns since at least January 2020, leveraging spear-phishing, social engineering and other techniques in an attempt to compromise computers and accounts. Some of their efforts were successful, while others failed. 

Attempts to provide information stolen from the Trump campaign to members of the media and the Biden campaign were described by authorities as a ‘hack-and-leak’ operation. 

Jalili, Aghamiri, and Balaghi have been charged with conspiracy to commit identity theft, aggravated identity theft, unauthorized access to computers, access device fraud, and wire fraud.

The Iranian hacking operation targeting the US presidential election has been linked to a threat group tracked as APT42, whose activities were disrupted by Google earlier this year.

In addition to the charges announced by the Justice Department, the State Department is offering a reward of up to $10 million for information on the three alleged hackers, and announced sanctions against them and several others. 

“APT42 is just one of the many actors working for the IRGC, Iran’s aggressive and globally focused security service. They control multiple contractors who have carried out many of the most audacious cyber incidents we have seen in the Middle East, Europe, and the U.S., including activity during this and previous presidential election cycles. This activity is just one example of their tactics, which are constantly evolving,” said John Hultquist of the Google Threat Intelligence Group.

“In addition to leaks, IRGC actors regularly leverage destructive attacks, faked content, and threats delivered to citizens en masse. They regularly assume the guise of hacktivists or criminals and have increasingly targeted random individuals through email and even text messages. Most of this activity is designed to undermine trust in security, and is used to attack confidence in elections in particular,” Hultquist added.

Agencies in the UK and US on Friday issued a joint alert warning at-risk individuals about phishing attempts conducted by Iranian hackers. 

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
