
COURT DOC: Iranian National Charged for Multi-Year Hacking Campaign Targeting U.S. Defense Contractors and Private Sector Companies

Defendant conducted cyberattacks while employed by Iranian company that purported to provide cybersecurity services.

March 11, 2024

“The Justice Department unsealed an indictment charging an Iranian national with involvement in a cyber-enabled campaign to compromise U.S. governmental and private entities, including the U.S. Departments of the Treasury and State, defense contractors, and two New York-based companies.”

“According to court documents, from at least in or about 2016 through in or about April 2021, Alireza Shafie Nasab, 39, of Iran, and other co-conspirators were members of a hacking organization that participated in a coordinated multi-year campaign to conduct and attempt to conduct computer intrusions. These intrusions targeted more than a dozen U.S. companies and the U.S. Departments of the Treasury and State. Nasab remains at large.”

“‘While purporting to work as a cybersecurity specialist for Iran-based clients, Mr. Nasab allegedly participated in a persistent campaign to compromise U.S. private sector and government computer systems,’ said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division. ‘Today’s charges highlight Iran’s corrupt cyber ecosystem, in which criminals are given free rein to target computer systems abroad and threaten U.S. sensitive information and critical infrastructure. Our National Security Cyber Section remains focused on disputing these cross-border hacking schemes and holding those responsible to account.’”

“The hacking group’s private sector victims were primarily cleared defense contractors, which are companies that support U.S. Department of Defense programs. In addition, the group targeted a New York-based accounting firm and a New York-based hospitality company.”

“According to the indictment, in conducting their hacking campaigns, the group used spear phishing — that is, tricking an email recipient into clicking on a malicious link — to infect victim computers with malware. In the course of their campaigns against one victim, the group compromised more than 200,000 victim employee accounts. At another victim, the conspirators targeted 2,000 employee accounts. In order to manage their spearphishing campaigns, the group created and used a particular computer application, which enabled the conspirators to organize and deploy their spear phishing attacks.”

“In the course of these spear phishing attacks, the conspirators compromised an administrator email account belonging to a defense contractor (Defense Contractor-1). Access to this administrator account empowered the conspirators to create unauthorized Defense Contractor-1 accounts, which the conspirators then used to send spear phishing campaigns to employees of a different defense contractor and a consulting firm.”

“In addition to spearphishing, the conspirators utilized social engineering, which involved impersonating others, generally women, in order to obtain the confidence of victims. These social engineering contacts were another means the conspiracy used to deploy malware onto victim computers and compromise those devices and accounts.”

“Nasab took part in these schemes. During his participation in the scheme, he was employed by Mahak Rayan Afraz, an Iran-based company that purported to provide cybersecurity services, but which was, in fact, a front for the conspirators’ operations. Nasab was responsible for procuring infrastructure used by the conspiracy. During the course of this conduct, Nasab used the stolen identity of a real person in order to register a server and email accounts used in the course of the cyber campaigns.” (Source: US Department of Justice)
