The United States puts a price on the heads of 4 Iranian hackers, with a $10 million reward


Mélina LOUPIA

April 24, 2024 at 2:34 p.m.


The United States plays bounty hunter by offering a $10 million reward for the capture of Iranian hackers © TY Lim / Shutterstock

Four Iranian hackers are accused of orchestrating a sophisticated cyberespionage campaign against the U.S. government and private companies. A $10 million bounty is being offered for information leading to their capture.

When it comes to protecting its cybersecurity, the United States does not skimp on resources. After putting a $10 million bounty on the BlackCat hacker gang, it is offering the same tidy sum for any information that could lead to the capture of four Iranian hackers.

These hackers were indicted in Manhattan for cyberespionage against sensitive American organizations such as ministries linked to national defense and private companies. As of this writing, the quartet is still on the run.

Spearphishing and impersonation used in hacking campaigns

As in France, e-mail phishing was the hackers' method of choice. They used spearphishing and identity theft to harvest hundreds of thousands of accounts belonging to employees of companies in the hospitality sector, and also of a large accounting firm.

Spearphishing is an advanced form of phishing that targets specific individuals or organizations. Unlike general phishing, which distributes fraudulent messages on a large scale, spearphishing involves carefully personalized attacks designed to deceive a particular victim. Cybercriminals conduct extensive research on their targets to make their fraud attempts more convincing, often by posing as a trusted source that the victim knows.

Attackers use collected information, such as the victim’s personal and professional details, to create credible spearphishing messages that may include links to malicious websites or malware-infected attachments. The aim is to trick the victim into revealing sensitive information, such as login credentials or financial data, or installing malware that can compromise the security of computer systems.

In total, between 2016 and 2021, the four Iranian hackers, Alireza Shafie Nasab, Reza Kazemifar, Hossein Harooni and Komeil Baradaran Salmani, hacked more than 220,000 employee accounts over the course of several campaigns.

The United States in cyberwar against Iran © Moab Republic /Shutterstock


A $10 million reward for finding a highly organized gang

Kazemifar, one of the defendants, tested spearphishing tools and developed malware for the conspiracy. He also works for the EWCD, a branch of the IRGC, designated as a terrorist organization by the United States. Harooni was responsible for the network infrastructure. He fraudulently used the identities of others to disguise his role in acquiring online resources for the intrusions.

Salmani and Nasab, also involved, were responsible for testing spearphishing tools and acquiring infrastructure for social engineering campaigns. They used a person’s identity to register server and email accounts. All four men face charges of computer and wire fraud, with sentences of up to 20 years in prison on each count, plus additional penalties for aggravated identity theft and damage to a protected computer, determined by a federal judge according to American guidelines.

In addition to these charges, the US State Department’s Rewards for Justice (RFJ) program is offering a reward of up to $10 million for information leading to the identification or location of the group and the defendants.

The RFJ program seeks information on any person who, while acting at the direction or control of a foreign government, engages in certain malicious cyber activities in violation of the Computer Fraud and Abuse Act (CFAA).

Sources: Security Week, US Department of Justice
