Four Iranian nationals have been indicted by a federal grand jury in Manhattan for their alleged involvement in a years-long cyber campaign targeting the United States. According to the indictment, the individuals, identified as Hossein Harooni, Reza Kazemifar, Komeil Baradaran Salmani, and Alireza Shafie Nasab, were part of a hacking organization that engaged in a coordinated campaign of computer intrusions from at least 2016 through April 2021.
The indictment alleges that the defendants targeted over a dozen U.S. companies, as well as the U.S. Treasury and U.S. State Department. They are accused of using phishing emails to trick victims into clicking on malicious links that infected their computers with malware. In one instance, the group is alleged to have compromised over 200,000 employee accounts at a single victim organization.
Kazemifar, Salmani, and Nasab are alleged to have worked for Mahak Rayan Afraz, an Iranian company that purported to offer cybersecurity services. However, the DOJ alleges that the company was merely a front for the group’s malicious activities.
The defendants are facing various charges, including conspiracy to commit computer fraud, conspiracy to commit wire fraud, wire fraud, and aggravated identity theft. They face up to 20 years in prison if convicted.
In addition to the indictments, the U.S. Department of State’s Rewards for Justice program is offering a reward of up to $10 million for information leading to the identification or location of the defendants or the group responsible for the attacks.
The Treasury Department has also announced sanctions against the defendants and other cyber actors associated with the group.
The indictment is part of an ongoing effort by the U.S. government to counter the growing threat of cyber attacks from Iran. The FBI has warned that Iran is a major source of cyber threats to the United States, particularly in the areas of espionage and economic disruption.
