The Department of Justice has charged an Iranian national for his alleged involvement in a cyberattack that attempted to compromise both private sector companies and U.S. government entities, including the Treasury Department and State Department.
The individual, Alireza Shafie Nasab, 39, of Iran, remains at large, and in addition to the charges the U.S. government is offering a reward of up to $10 million for information leading to his identification or location. Nasab was allegedly a member of a hacking organization between 2016 to 2021 that targeted more than a dozen U.S. companies, including several cleared defense contractors that supported U.S. Department of Defense programs. Additionally, the group also targeted both a New York-based accounting firm and hospitality company.
“While purporting to work as a cybersecurity specialist for Iran-based clients, Mr. Nasab allegedly participated in a persistent campaign to compromise U.S. private sector and government computer systems,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division in a Thursday statement. “Today’s charges highlight Iran’s corrupt cyber ecosystem, in which criminals are given free rein to target computer systems abroad and threaten U.S. sensitive information and critical infrastructure.”
The group worked under the guise of an Iran-based cybersecurity services company called Mahak Rayan Afraz, and operated on behalf of Iran’s Islamic Revolutionary Guard Corps (IRGC). As part of the group, Nasab procured infrastructure by using a stolen identity to register a server and email accounts that were used for campaigns.
As part of these hacking campaigns, the group used spear-phishing tactics to infect victims with malware. They would first compromise an administrator email account for a defense contractor, allowing them to then create unauthorized accounts and send subsequent spear-phishing emails from those accounts to employees from a different defense contractor or private company. Social engineering was a large part of these campaigns, and the group impersonated others, usually women, to gain their trust.
In one incident, the group was able to compromise more than 200,000 victim employee accounts, and in another they targeted 2,000 employee accounts.
“In order to manage their spear-phishing campaigns, the group created and used a particular computer application, which enabled the conspirators to organize and deploy their spear-phishing attacks,” according to the Justice Department.
According to the Justice Department, Nasab is charged with counts of conspiracy to commit computer fraud, conspiracy to commit wire fraud, wire fraud and aggravated identity theft.