The U.S. Department of Justice on Thursday unsealed an indictment that charged three Iranian nationals with hacking U.S. computers, stealing “hundreds of terabytes of data” relating to national security.
“For the third time in three days, the Department has charged Iranian hackers,” said Assistant Attorney General for National Security John C. Demers in a press release. “This case highlights the Islamic Revolutionary Guard Corps’ efforts to infiltrate the networks of American companies in search of valuable commercial information and intellectual property. It is yet another effort by a rogue foreign nation to steal the fruits of this country’s hard work and expertise.”
The indictment alleges that the three hackers began their campaign around July 2015 and continued through at least February 2019. At one point, the DOJ press release said, the hackers had “a target list of over 1,800 online accounts, including accounts belonging to organizations and companies involved in aerospace or satellite technology and international government organizations in Australia, Israel, Singapore, the United States, and the United Kingdom.”
Over the half-decade in which the hackers operated, they “stole hundreds of terabytes of data, which typically included confidential communications pertaining to national security, foreign policy intelligence, non-military nuclear information, aerospace data, human rights activist information, victim financial information and personally identifiable information, and intellectual property, including unpublished scientific research,” the indictment alleges.
To do this, the hackers “engaged in a coordinated campaign of social engineering to identify real U.S. citizens working in the satellite and aerospace fields whose identities the defendants could assume online,” the DOJ said, adding:
The defendants then impersonated those individuals and used their stolen identities to register email addresses and fraudulently purchase domains and hacking tools for use in the scheme. The defendants then created customized spear phishing emails that purported to be from the individuals whose identities the defendants had stolen, in an attempt to entice the recipients to click on malicious links embedded in the emails. Once a recipient clicked on a malicious link, malware would be downloaded to the individual’s computer, giving the defendants unauthorized access to the recipient’s computer and network. The defendants then used additional hacking tools to maintain unauthorized access, escalate their privileges, and steal data sought by the IRGC. Using these methods, the defendants successfully compromised multiple victim networks, resulting in the theft of sensitive commercial information, intellectual property, and personal data from victim companies, including a satellite-tracking company and a satellite voice and data communication company.
The three Iranians charged with the hacks are 34-year-old Said Pourkarim Arabi, 34-year-old Mohammad Bayati, and Mohammad Reza Espargham, whose age is unknown. Arabi was a member of the IRGC.
Each one faces a maximum of 20 years in prison for their alleged crimes.
“Today’s charges are yet another example of the FBI’s dedication to investigating those who target and attempt to steal data and proprietary information from the U.S.,” said James A. Dawson, Assistant Director in Charge of the FBI’s Washington Field Office. “Today’s charges allege that these individuals conspired in a coordinated campaign with known IRGC members and acted at their direction. The defendants targeted thousands of individuals in an attempt to steal critical information related to U.S. aerospace and satellite technology. The FBI remains dedicated to protecting the U.S., and we continue to impose risk and consequences on cyber adversaries through our unique authorities, world-class capabilities, and enduring partnerships.”