
US Pressures Iran Over Phishing Campaign Against Feds

Departments of Justice, Treasury and State Take Action Against Iranian Cyber Actors

The U.S. federal government launched a full-court press against four alleged Iranian state hackers, unsealing a multi-count criminal indictment, slapping the men with Treasury sanctions and offering a reward of up to $10 million for their capture.


It's a multi-agency toolset the federal government uses in particular when the alleged hackers lie beyond the reach of American justice - a move to bring to bear the full weight of the federal government, even if only symbolically.

In this case, federal prosecutors unsealed a 2021 indictment against alleged state-backed hackers, accusing them of overseeing a years-long phishing campaign primarily against cleared defense contractors. Prosecutors said their activities began in 2016 and carried on at least through the year of the indictment. Victims include the Departments of Treasury and State.

Hossein Harooni, Reza Kazemifar, Komeil Baradaran Salmani and Alireza Shafie Nasab allegedly had different roles in the phishing campaigns, such as procuring online infrastructure for typosquatted domains used to harvest credentials and testing the application used to manage phishing campaigns, which they called "Dandelion." The application kept track of which victims clicked on malicious hyperlinks, sometimes after being baited by Tehran hackers posing as women on social media.

Prosecutors say three of the men - Kazemifar, Salmani and Nasab - worked for Mehrsam Andisheh Saz Nik, a front company for the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command. One of them - Kazemifar - worked for the Iranian Organization for Electronic Warfare and Cyber Defense from 2014 through at least 2020, the Department of Justice says.

The four also allegedly targeted a New York accounting firm, compromising more than 200,000 employee accounts. They are each charged with conspiracy to commit computer fraud, conspiracy to commit wire fraud, and wire fraud, and some face additional charges including aggravated identity theft and knowingly damaging a protected computer. Prosecutors unsealed a separate indictment against Nasab earlier this year.

Although often listed alongside nation-state hacking operations in Russia and China, Iranian hackers have a reputation for relying more on social engineering and less on the zero-day prowess of their authoritarian counterparts (see: State Hackers' New Frontier: Network Edge Devices).

The Department of Treasury on Tuesday also sanctioned the four men as well as Mehrsam Andisheh Saz Nik and another Islamic Revolutionary Guard Corps front company, Dadeh Afzar Arman. Most Iranians are not aware that the companies are fronts, Treasury warned. "The Iranian public should be aware that the IRGC-CEC uses private companies and their employees to achieve illegal goals."

The State Department, through its Rewards for Justice program, offered $10 million and possible relocation for information on the hackers.

Administration officials have acknowledged that "name and shame efforts" may not result in the prosecution of foreign nation-state hackers, but have said they're effective in different ways. They stop alleged perpetrators from traveling to countries with U.S. extradition treaties. Publicly disclosing foreign state hacking lends credibility to American international efforts to secure cyberspace and puts foreign governments on the defensive, they have said.


About the Author

David Perera

Editorial Director, News, ISMG

Perera is editorial director for news at Information Security Media Group. He previously covered privacy and data security for outlets including MLex and Politico.

Chris Riotta

Managing Editor, GovInfoSecurity

Riotta is a journalist based in Washington, D.C. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president. His reporting has appeared in NBC News, Nextgov/FCW, Newsweek Magazine, The Independent and more.



