The Justice Department has unveiled charges against four Iranian nationals involved in a cyber campaign targeting U.S. companies, including government entities and defense contractors. Hossein Harooni, Reza Kazemifar, Komeil Baradaran Salmani, and Alireza Shafie Nasab are accused of engaging in a hacking scheme that compromised American organizations, as well as the U.S. Departments of Treasury and State.
Attorney General Merrick B. Garland emphasized the severity of the situation, stating, "Criminal activity originating from Iran poses a grave threat to America’s national security and economic stability."
FBI Director Christopher Wray highlighted the FBI's dedication to countering cyber threats, stating, "Today’s announcement demonstrates the FBI’s commitment to using every lawful tool at our disposal, together with our domestic and international partners, to disrupt the threats posed from Iran to American businesses and citizens."
According to U.S. Attorney Damian Williams for the Southern District of New York, the defendants employed spearphishing and hacking techniques to target companies with access to defense-related information. Williams urged anyone with information on the whereabouts of the defendants to contact the Department of State.
The indictment reveals that the defendants, along with other conspirators, orchestrated a multi-year campaign to conduct computer intrusions targeting U.S. companies and government agencies. The group used spearphishing and social engineering tactics to compromise victim accounts and deploy malware.
Reza Kazemifar, one of the accused, played a crucial role in testing the tools used for cyber campaigns. He was also involved in developing malware and worked for the Iranian Organization for Electronic Warfare and Cyber Defense. Harooni, Salmani, and Nasab were responsible for managing online network infrastructure and procuring resources for the cyber campaign.
The defendants face charges of conspiracy to commit computer fraud, wire fraud, and aggravated identity theft. If convicted, they could face significant prison sentences.
The FBI Cyber Division is leading the investigation, with assistance from prosecutors in the Southern District of New York and the National Security Division’s National Security Cyber Section.
An indictment is not a conviction, and all defendants are presumed innocent until proven guilty in a court of law.