DoJ Charges 3 Iranian Hackers in Political 'Hack & Leak' Campaign

The US Justice Department has announced charges against three members of Iran's Islamic Revolutionary Guard Corps (IRGC).

The individuals — known as Masoud Jalili, 36; Seyyed Ali Aghamiri, 34; and Yaser Balaghi, 37 — are accused of running a cyber campaign targeting the upcoming US presidential election, and conducting hacks against political campaigns, current and former US officials, nongovernmental organizations, and members of the media. They have been charged with conspiracy to commit identity theft, aggravated identity theft, unauthorized access to computers, access device fraud, and wire fraud.

The activity, according to a DoJ press release, "was part of Iran's continuing efforts to stoke discord, erode confidence in the US electoral process, and unlawfully acquire information relating to current and former US officials that could be used to advance the malign activities of the IRGC," including retribution on behalf of the death of former commander of the IRGC-Qods Force, Qasem Soleimani.

The DoJ alleges the attackers focused on compromising accounts of former US government officials for several years for shifting their focus and targeting campaign officials in May, using their access to campaign accounts to steal information, non-public campaign documents, and emails.

The attackers then broadened their operation, engaging in a "hack-and-leak" operation to weaponize stolen materials from a US presidential campaign in order to undermine certain candidates, according to the announcement.

"The conduct laid out in the indictment is just the latest example of Iran's brazen behavior," said FBI Director Christopher Wray. "So today the FBI would like to send a message to the government of Iran — you and your hackers can't hide behind your keyboards."

In tandem, the DoJ and the Department of State issued a reward of up to $10 million through the Rewards for Justice Program for information leading to the identification or location of any foreign person or entity engaging in interference in US elections.

Spear-Phishing for Malicious Opportunities

The indictments come on the heels of a joint warning with the UK's National Cyber Security Centre of continued malicious cyberactivity by threat actors working on behalf of the Iranian government, especially in the realm of spear-phishing.

Potential targets include current and former senior government or political officials, journalists, activists, and lobbyists, among others, which have been hit with social engineering messages tailored to the individual. The threat actors may impersonate family members or professional contacts to trick their victims; and heir lures could be a request for an interview, a public speaking event, or generally offering an opportunity to discuss policy.

"The actors often attempt to build rapport before soliciting victims to access a document via a hyperlink, which redirects victims to a false email account login page for the purpose of capturing credentials," the advisory stated. "Victims may be prompted to input two-factor authentication codes, provide them via a messaging application, or interact with phone notifications to permit access to the cyber actors."

It's recommended that individuals who think they may be targeted be suspicious of unsolicited contact from any individual they do not know personally, unsolicited requests to share files, or attempts to share links.