The US Justice Department has brought charges against three individuals affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC) for their involvement in a cyber campaign aimed at influencing the upcoming US presidential election and targeting various political campaigns, officials, NGOs, and media members. The accused individuals, Masoud Jalili, Seyyed Ali Aghamiri, and Yaser Balaghi, have been charged with multiple offenses including conspiracy to commit identity theft, aggravated identity theft, unauthorized access to computers, access device fraud, and wire fraud.
According to the Department of Justice, the cyber campaign orchestrated by the IRGC was part of Iran’s ongoing efforts to sow discord, undermine confidence in the US electoral process, and unlawfully acquire information about current and former US officials to further the IRGC’s activities. The indictment alleges that the attackers initially focused on compromising the accounts of former US government officials before shifting their attention to campaign officials, stealing non-public campaign documents and emails in the process.
Furthermore, the attackers conducted a “hack-and-leak” operation to weaponize the stolen materials from a US presidential campaign, with the intent of undermining specific candidates. FBI Director Christopher Wray condemned Iran’s behavior, stating that the indictment serves as a warning that Iran and its hackers cannot hide behind their keyboards.
In response to these cyber threats, the DOJ and the Department of State have offered a reward of up to $10 million through the Rewards for Justice Program for information leading to the identification or location of any foreign entity engaged in interfering with US elections. This initiative aims to combat foreign interference in the electoral process and hold individuals or entities accountable for their actions.
The indictments coincide with a joint warning issued by the US and UK authorities regarding ongoing malicious cyber activities conducted by threat actors on behalf of the Iranian government, particularly in the realm of spear-phishing. Potential targets of these attacks include senior government officials, political figures, journalists, activists, and lobbyists, who may receive social engineering messages tailored to their interests. The threat actors use various tactics, such as impersonating trusted contacts or enticing victims with requests for interviews or events, to lure their targets into clicking on malicious links or sharing sensitive information.
Individuals who suspect they may be targeted are advised to remain vigilant against unsolicited communications from unfamiliar sources, requests to share files or access links, and interactions that seem suspicious. By staying cautious and informed, individuals can help protect themselves from falling victim to cyber threats and maintain the integrity of the electoral process.