
U.S. Charges Three Iranian Hackers for Attacks on Satellite Companies

The U.S. Department of Justice on Thursday announced charges against three Iranian nationals believed to have stolen information related to the United States’ aerospace and satellite technologies.

One of the suspects is Said Pourkarim Arabi, 34, who is said to be a member of the Islamic Revolutionary Guard Corps (IRGC), which the U.S. has designated as a terrorist organization. The other two are Mohammad Bayati, 34, and Mohammad Reza Espargham, whose age is unknown.

According to the DoJ, the men conducted cyber campaigns between at least July 2015 and February 2019, and at one point they possessed a list of over 1,800 targeted online accounts associated with satellite and aerospace companies, as well as government organizations in the U.S., Australia, U.K., Israel, and Singapore.

Authorities say the hackers used social engineering to trick people working in the aerospace and satellite sectors into handing over information that they could later use to create fake email accounts and domains. They used these resources to send out phishing emails designed to deliver a piece of malware to other individuals they targeted. The malware, often a RAT, gave them access to the victim’s computer and network.

[Image: Iranian phishing email]

“The defendants then used additional hacking tools to maintain unauthorized access, escalate their privileges, and steal data sought by the IRGC. Using these methods, the defendants successfully compromised multiple victim networks, resulting in the theft of sensitive commercial information, intellectual property, and personal data from victim companies, including a satellite-tracking company and a satellite voice and data communication company,” the DoJ said in a press release.

The Iranians face various charges, including conspiracy to commit computer intrusions, obtaining information by unauthorized access to protected computers, intentional damage to protected computers, aggravated identity theft, and conspiracy to commit wire fraud.

Warrants have been issued for their arrest and they could spend many years behind bars if they are ever convicted in the United States.

This is the third round of charges announced by U.S. authorities this week against alleged Iranian hackers. The DoJ previously announced charges against two hacktivists who defaced websites in response to the killing of Qasem Soleimani, and later against two state-sponsored hackers who are said to have targeted a wide range of industries since at least 2013.

The United States this week also charged two Russian cybercriminals allegedly involved in a $17 million cryptocurrency fraud scheme, and five alleged members of the China-linked threat group known as APT41.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.