Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

U.S. Charges Three Iranian Hackers for Attacks on Satellite Companies

The U.S. Department of Justice on Thursday announced charges against three Iranian nationals believed to have stolen information related to the United States’ aerospace and satellite technologies.

The U.S. Department of Justice on Thursday announced charges against three Iranian nationals believed to have stolen information related to the United States’ aerospace and satellite technologies.

One of the suspects is Said Pourkarim Arabi, 34, who is said to be a member of the Islamic Revolutionary Guard Corps (IRGC), which the U.S. has designated as a terrorist organization. The other two are Mohammad Bayati, 34, and Mohammad Reza Espargham, whose age is unknown.

According to the DoJ, the men conducted cyber campaigns between at least July 2015 and February 2019, and at one point they possessed a list of over 1,800 targeted online accounts associated with satellite and aerospace companies, as well as government organizations in the U.S., Australia, U.K., Israel, and Singapore.

Authorities say the hackers used social engineering to trick people working in the aerospace and satellite sectors to hand over information that they could later use to create fake email accounts and domains. They used these resources to send out phishing emails designed to deliver a piece of malware to other individuals they targeted. The malware, often a RAT, gave them access to the victim’s computer and network.

Iranian phishing email

“The defendants then used additional hacking tools to maintain unauthorized access, escalate their privileges, and steal data sought by the IRGC. Using these methods, the defendants successfully compromised multiple victim networks, resulting in the theft of sensitive commercial information, intellectual property, and personal data from victim companies, including a satellite-tracking company and a satellite voice and data communication company,” the DoJ said in a press release.

The Iranians face various charges, including conspiracy to commit computer intrusions, obtaining information by unauthorized access to protected computers, intentional damage to protected computers, aggravated identity theft, and conspiracy to commit wire fraud.

Warrants have been issued for their arrest and they could spend many years behind bars if they are ever convicted in the United States.

This is the third round of charges announced by U.S. authorities this week against alleged Iranian hackers. The DoJ previously announced charges against two hacktivists who defaced websites in response to the killing of Qasem Soleimani, and later against two state-sponsored hackers who are said to have targeted a wide range of industries since at least 2013.

Advertisement. Scroll to continue reading.

The United States this week also charged two Russian cybercriminals allegedly involved in a $17 million cryptocurrency fraud scheme, and five alleged members of the China-linked threat group known as APT41.

Related: U.S. Charges Two Iranians Over SamSam Ransomware Attacks

Related: Former U.S. Air Force Officer Indicted for Aiding Iranian Cyber Attacks

Related: Two Iranians Charged in U.S. Over Hacking Defense Materials

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

The US arm of networking giant TP-Link has appointed Adam Robertson as Director of Information and Security.

Raj Dodhiawala has been named Chief Product Officer at Eclypsium.

Cyber exposure management firm Armis has promoted Alex Mosher to President.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.