DOJ Charges Iranian For Massive Hacking Campaign Against Defense Contractors, Federal Agencies

Micaela Burrow Investigative Reporter, Defense

The Justice Department charged an Iranian national for spearheading a years-long campaign to infect thousands of computers associated with federal agencies and U.S. companies, including defense contractors, according to an indictment made public Thursday.

Alireza Shafie Nasab, 39, worked for a company that purported to provide cybersecurity services for customers in Iran while targeting U.S. entities from 2016 through 2021, according to allegations unsealed in a federal court. Nasab and his compatriots targeted more than a dozen networks associated with U.S. companies, the Treasury Department and State Department, and in at least one case successfully compromised an unnamed defense contractor.

“Nasab allegedly participated in a persistent campaign to compromise U.S. private sector and government computer systems,” Assistant Attorney General for National Security Matthew G. Olsen said in a statement.

The companies Nasab targeted were primarily defense contractors given security clearances to work with the Department of Defense (DOD) on highly classified programs, according to the indictment.

In 2019, the hacking group conducted a spearphishing attack and successfully broke into an administrator’s account for an unnamed defense contractor, according to the indictment. The breach allowed the group to create two fake accounts, which they used to send emails to another defense contractor and a consulting firm in an attempt to compromise those networks.

Separately, the conspirators used a false female social media persona to trick an employee at the second defense contractor into clicking a link containing malicious code. Shortly after that, the hackers had access to that employee’s email account.

“Today’s charges highlight Iran’s corrupt cyber ecosystem, in which criminals are given free rein to target computer systems abroad and threaten U.S. sensitive information and critical infrastructure,” Olsen said.

In addition, Nasab’s group compromised more than 200,000 employee accounts of a New York-based accounting firm and a further 2,000 accounts at a company operating in the hospitality industry, the indictment alleged.

“At all times,” the indictment alleged, Nasab “participated in the above-described highly organized and coordinated scheme to conduct computer intrusions targeting American companies and federal agencies.”

While committing those crimes, Nasab worked for an Iran-based private company and was tasked with procuring infrastructure to support the hacking campaign, using the name and passport from a stolen identity, it states.

“As alleged, Alireza Shafie Nasab participated in a cyber campaign using spearphishing and other hacking techniques to infect more than 200,000 victim devices, many of which contained sensitive or classified defense information. Cyber intrusion schemes such as the one alleged threaten our national security,” U.S. Attorney Damien Wilson said in the statement.

Nasab is charged with one count of conspiracy to commit computer fraud, one count of conspiracy to commit wire fraud, one count of wire fraud and one count of aggravated identity theft. He could face up to 20 years in prison.
