The US Justice Department on Thursday announced charges against an Iranian national allegedly involved in hacking operations, including ones aimed at government and private sector organizations.
The defendant, 39-year-old Alireza Shafie Nasab, is accused of taking part in hacking campaigns between at least 2016 and 2021. Some of the victims of these campaigns were the US State and Treasury Departments, defense contractors, and a dozen companies, including two accounting and hospitality companies based in New York.
Nasab allegedly worked at Mahak Rayan Afraz, an Iranian IT company with ties to the Islamic Revolutionary Guard Corps (IRGC). The firm’s executives are said to have links to firms sanctioned by the United States.
Mahak Rayan Afraz was previously linked to malware development and cyberespionage operations.
The private sector victims targeted by Nasab and his accomplices were mainly cleared defense contractors, from which they attempted to steal sensitive or classified information. The attackers relied on spearphishing emails and social engineering to deliver malware to targeted entities.
According to the DoJ, the hackers compromised more than 200,000 employee accounts during their attack against one victim.
“In the course of these spear phishing attacks, the conspirators compromised an administrator email account belonging to a defense contractor (Defense Contractor-1),” the DoJ said. “Access to this administrator account empowered the conspirators to create unauthorized Defense Contractor-1 accounts, which the conspirators then used to send spear phishing campaigns to employees of a different defense contractor and a consulting firm.”
Nasab was allegedly in charge of procuring infrastructure for the hacking operations. He has been charged with conspiracy to commit computer fraud, conspiracy to commit wire fraud, wire fraud, and aggravated identity theft. Some of these charges carry a sentence of up to 20 years in prison.
Nasab remains at large. A reward of up to $10 million is being offered for information that can be used to identify or locate the Iranian national.
Related: Iranian Hackers Target Aviation and Defense Sectors in Middle East
Related: US Indicts Iranians for Election Meddling
Related: US Indicts Iranians Who Hacked Power Company, Women’s Shelter