The U.S. government has charged four Iranians and sanctioned two companies for a multi-year cyber campaign targeting more than a dozen American companies, including defense contractors, an accounting firm, and a hospitality company. The defendants are accused of using malicious emails and impersonating women to trick victims into clicking on links that infected their computers with malware. Over 200,000 employee accounts were compromised at the accounting firm, and more than 2,000 were compromised at the hospitality company. The alleged wrongdoing occurred between 2016 and 2021.