The Department of Justice (DOJ) indicted three state-sponsored Iranian hackers on Thursday who allegedly tried to steal data related to U.S. aerospace and satellite technology and resources.
“This case highlights the Islamic Revolutionary Guard Corps’ efforts to infiltrate the networks of American companies in search of valuable commercial information and intellectual property,” Assistant Attorney General for National Security John C. Demers said in a statement. “It is yet another effort by a rogue foreign nation to steal the fruits of this country’s hard work and expertise.”
— U.S. Attorney EDVA (@EDVAnews) September 17, 2020
The three Iranian nationals allegedly targeted numerous U.S. companies and organizations beginning in July 2015 through February 2019. The men allegedly had a target list of over 1,800 online accounts, including accounts belonging to organizations involved in satellite and aerospace technology and international government organizations in Israel, Singapore, Australia and the United Kingdom.
The indictment alleges the hackers stole the identities of U.S. citizens in the satellite and aerospace fields and used the false identities to create email accounts which they would then use to send emails with “malicious links” embedded.
If the recipient opened the email, malware would be downloaded, giving the hackers access to the recipient’s network and allowing them to steal data. (RELATED: 5 Chinese Nationals, 2 Malaysian Nationals Charged With Hacking, Department Of Justice Announces)
“We will relentlessly pursue and expose those who seek to harm American companies and individuals wherever they reside in the world,” G. Zachary Terwilliger, U.S. Attorney for the Eastern District of Virginia, said in the statement. “The use of malware, the theft of commercial data and intellectual property, and the use of social engineering to steal the identities of U.S. citizens to accomplish unlawful attacks will not be tolerated.”
Said Pourkarim Arabi, Mohammed Reza Espargham and Mohammad Bayati were all charged in the indictment, with the U.S. District Court for the Eastern District of Virginia issuing warrants for their arrest, per the official statement.
The announcement comes hours after the Treasury Department sanctioned an Iranian cyber threat group Advanced Persistent Threat 39 (APT 39) as well as Rana Intelligence Computing Company (Rana) and 45 associated individuals.
The statement alleges Iran hid behind Rana which hired employees to hack into Iranian dissidents, journalists and international companies. The department believes both companies are owned or controlled by Iran’s Ministry of Intelligence and Security.