US Charges and Sanctions Iranians Connected to Revolutionary Guard Cyber Command

The US government has taken decisive action against four individuals from Iran, leveling criminal charges and imposing sanctions on them. These measures come in response to what authorities describe as a sustained cyber campaign spanning several years, with the targets including numerous American companies. The Treasury Department and the State Department have both played key roles in addressing this alleged threat to US cybersecurity.

The sanctions announced by the US government extend beyond targeting individuals to also include two companies: Mehrsam Andisheh Saz Nik and Dadeh Afzar Arman. According to the Treasury Department, these companies not only employed the individual defendants but also served as front entities for Iran’s Revolutionary Guard cyber command. This suggests a concerted effort to disrupt the alleged cyber campaign by penalizing both the individuals and the entities facilitating their activities.

Federal prosecutors in Manhattan have disclosed that the cyber campaign primarily targeted defense contractors with access to classified information. These contractors play a crucial role in national security, making them lucrative targets for cyber espionage. Additionally, other entities were also targeted, including a New York-based accounting firm and a hospitality company. The inclusion of these diverse targets suggests a broad-ranging effort to gather intelligence and potentially compromise sensitive data across multiple sectors.

Prosecutors detailed that the defendants employed spear phishing techniques to infect computers with malware. Spear phishing involves deceiving email recipients by using targeted and personalized messages, often impersonating trusted sources or individuals, to lure them into clicking on malicious links or attachments. Additionally, the defendants allegedly impersonated women to establish rapport and gain the trust of their targets. This combination of social engineering tactics highlights the sophisticated and deceptive nature of the cyber campaign orchestrated by the defendants.

The cyber campaign, which took place between 2016 and 2021, resulted in the compromise of over 200,000 employee accounts at the accounting firm and more than 2,000 accounts at the hospitality company. This extended timeframe underscores the persistence and ongoing nature of the cyberattacks perpetrated by the defendants. Over the course of several years, the defendants allegedly employed sophisticated tactics such as spear phishing and malware deployment to infiltrate the computer systems of various targets, including defense contractors and other organizations with access to sensitive information. The wide-ranging impact of the campaign highlights the need for robust cybersecurity measures to protect against evolving threats in the digital landscape.

US Attorney General Merrick Garland emphasized the serious nature of criminal activity originating from Iran, stating that it poses a significant threat to America’s national security and economic stability. The four individual defendants—Hossein Harooni, Reza Kazemifar, Alireza Nasab, and Komeil Salmani—are described as being in their mid- to late-30s and are currently at large, according to prosecutors. These statements underscore the urgency and importance of apprehending the suspects to prevent further cyber threats and safeguard critical infrastructure and information systems.

The charges against each individual include wire fraud, wire fraud conspiracy, and conspiracy to commit computer intrusions. These charges outline their alleged participation in the cyber campaign aimed at American entities. In addition, Harooni faces a charge of damaging a protected computer, indicating the extent of harm caused by his actions. Moreover, both Harooni and Nasab are charged with aggravated identity theft, reflecting the seriousness of their alleged offenses and the impact on individuals affected by identity theft.