The U.S. Department of Justice has announced criminal charges against three Iranian men for their alleged participation in state-sponsored identity theft and hacking by Iran’s Islamic Revolutionary Guard Corps, or IRGC, a designated foreign terrorist organization.
The men are all residents and citizens of the Islamic Republic of Iran, U.S. authorities said Thursday in a press release. Officials also say the men conspired to infiltrate the networks of American companies in search of commercial data and intellectual property.
The Reuters news agency said attempts to locate contact information for the Iranian defendants were not immediately successful and that a message left with Iran’s mission to the United Nations was not returned.
The hacking campaign used malware to attempt to steal the identities of thousands of U.S. citizens to accomplish unlawful acts and steal information related to U.S. aerospace and satellite technology, officials said in the written statement announcing the indictment. It also said the hacking campaign was launched in July 2015 and continued until February 2019.
According to the U.S. government, at one point in time the defendants possessed a target list of approximately 1,800 online accounts, including accounts belonging to various companies and organizations, in addition to international government organizations in Australia, Israel, Singapore, the United States and Britain.
Officials say the defendants are accused of attempting to identify U.S. citizens working in the satellite and aerospace fields whose identities could be stolen by the IRGC online. The impersonation of those individuals allowed the defendants to register email addresses and fraudulently purchase domains and hacking tools to be used in the coordinated campaign, the U.S. government said.
U.S. officials said the defendants created phony online personas and wrote customized spearphishing emails, with malicious links embedded throughout, that purported to be from the individuals whose identities had been stolen. Those emails were then sent to members of the public. When a link was clicked, malware would be downloaded onto the recipient’s computer, providing unauthorized access to the recipient’s devices and networks.
Authorities allege that, using these methods to steal data sought by the IRGC, the defendants were able to compromise a number of victims’ networks, resulting in the theft of sensitive commercial information, intellectual property and personal data from victim companies.
The U.S. District Court for the Eastern District of Virginia has issued arrest warrants for Said Pourkarim Arabi, Mohammad Reza Espargham and Mohammad Bayati.
Charges include conspiracy to commit computer intrusions, obtaining information by unauthorized access to protected computers, intentional damage to protected computers, aggravated identity theft, and conspiracy to commit fraud.
News of the charges follows an indictment of two other Iranians accused of participating in similar attacks.
Assistant U.S. Attorney General for National Security John Demers called the campaign “another effort by a rogue foreign nation to steal the fruits of this country’s hard work and expertise.”