Justice Department charges three Iranian hackers over “hack and leak” campaign

The US Department of Justice has announced charges against three members of Iran's Islamic Revolutionary Guard Corps (IRGC).

The people – known as Masoud Jalili, 36; Seyyed Ali Aghamiri, 34; and Yaser Balaghi, 37 – are accused of carrying out a cyber campaign against the upcoming US presidential election and conducting hacks against political campaigns, current and former US officials, non-governmental organizations and media representatives. They are charged with conspiracy to commit identity theft, aggravated identity theft, unauthorized computer access, access device fraud and wire fraud.

According to a press release from the U.S. Department of Justice, the activity was “part of Iran's ongoing efforts to foment discord, undermine confidence in the U.S. electoral process, and unlawfully obtain information about current and former U.S. officials that could be used to further the malign activities of the IRGC,” including in retaliation for the death of former IRGC-Quds Force commander Qasem Soleimani.

The Justice Department alleges the attackers focused on compromising accounts of former U.S. government officials for several years before shifting their focus in May to campaign officials, using their access to campaign accounts to steal non-public campaign documents and emails.

The attackers then expanded their operation into a “hack and leak” campaign, using the stolen material as a weapon to undermine certain candidates in the US presidential election campaign, according to the announcement.

“The conduct outlined in the indictment is just the latest example of Iran’s brazen behavior,” said FBI Director Christopher Wray. “That’s why today the FBI wants to send a message to the Iranian government: you and your hackers cannot hide behind your keyboards.”

The DOJ and the State Department jointly issued a reward offer of up to $10 million, through the Rewards for Justice program, for information leading to the identification or location of a foreign person or entity engaging in U.S. election interference.

Spear phishing for malicious opportunities

The charges follow a joint warning with the UK's National Cyber Security Centre about ongoing malicious cyber activity by threat actors working on behalf of the Iranian government, particularly in the area of spear phishing.

Potential targets include, but are not limited to, current and former high-ranking government or political officials, journalists, activists and lobbyists, who have been targeted with social engineering messages tailored to the individual. Threat actors may pose as family members or professional contacts to trick their victims. The lure might be a request for an interview, an invitation to a public speaking event, or more generally the offer of an opportunity to discuss policy.

“The actors often attempt to build a relationship before asking victims to access a document via a hyperlink that redirects victims to a false email account login page to capture credentials,” says the advisory. “Victims may be asked to enter two-factor authentication codes, provide them through a messaging application, or interact with phone notifications to grant access to the cyber actors.”

People who believe they may be targeted are advised to be suspicious of unsolicited contact from people they do not know personally, unsolicited file-sharing requests, and attempts to share links.