The U.S. Justice Department released the below information:
The Justice Department unsealed an indictment charging an Iranian national with involvement in a cyber-enabled campaign to compromise U.S. governmental and private entities, including the U.S. Departments of the Treasury and State, defense contractors, and two New York-based companies.
According to court documents, from at least in or about 2016 through in or about April 2021, Alireza Shafie Nasab, 39, of Iran, and other co-conspirators were members of a hacking organization that participated in a coordinated multi-year campaign to conduct and attempt to conduct computer intrusions. These intrusions targeted more than a dozen U.S. companies and the U.S. Departments of the Treasury and State. Nasab remains at large.
“While purporting to work as a cybersecurity specialist for Iran-based clients, Mr. Nasab allegedly participated in a persistent campaign to compromise U.S. private sector and government computer systems,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division. “Today’s charges highlight Iran’s corrupt cyber ecosystem, in which criminals are given free rein to target computer systems abroad and threaten U.S. sensitive information and critical infrastructure. Our National Security Cyber Section remains focused on disputing these cross-border hacking schemes and holding those responsible to account.”
“As alleged, Alireza Shafie Nasab participated in a cyber campaign using spear phishing and other hacking techniques to infect more than 200,000 victim devices, many of which contained sensitive or classified defense information,” said U.S. Attorney Damian Williams for the Southern District of New York. “Cyber intrusion schemes such as the one alleged threaten our national security, and I’m proud of our law enforcement partners and the career prosecutors of this office for using innovative technologies and investigative measures to disrupt and track down these cybercriminals.”
“The FBI will leverage all of its capabilities in combating the threat posed by Iranian hacker organizations to America’s public and private sectors,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division. “The close collaboration with partners that led to today’s unsealed indictment of Alireza Shafie Nasab will continue to keep the pressure on cyber adversaries.”
The hacking group’s private sector victims were primarily cleared defense contractors, which are companies that support U.S. Department of Defense programs. In addition, the group targeted a New York-based accounting firm and a New York-based hospitality company.
According to the indictment, in conducting their hacking campaigns, the group used spear phishing — that is, tricking an email recipient into clicking on a malicious link — to infect victim computers with malware. In the course of their campaigns against one victim, the group compromised more than 200,000 victim employee accounts. At another victim, the conspirators targeted 2,000 employee accounts. In order to manage their spear phishing campaigns, the group created and used a particular computer application, which enabled the conspirators to organize and deploy their spear phishing attacks.
In the course of these spear phishing attacks, the conspirators compromised an administrator email account belonging to a defense contractor (Defense Contractor-1). Access to this administrator account empowered the conspirators to create unauthorized Defense Contractor-1 accounts, which the conspirators then used to send spear phishing campaigns to employees of a different defense contractor and a consulting firm.
In addition to spear phishing, the conspirators utilized social engineering, which involved impersonating others, generally women, in order to obtain the confidence of victims. These social engineering contacts were another means the conspiracy used to deploy malware onto victim computers and compromise those devices and accounts.
Nasab took part in these schemes. During his participation in the scheme, he was employed by Mahak Rayan Afraz, an Iran-based company that purported to provide cybersecurity services, but which was, in fact, a front for the conspirators’ operations. Nasab was responsible for procuring infrastructure used by the conspiracy. During the course of this conduct, Nasab used the stolen identity of a real person in order to register a server and email accounts used in the course of the cyber campaigns.
Nasab is charged with one count of conspiracy to commit computer fraud, which carries a maximum penalty of five years in prison; one count of conspiracy to commit wire fraud, which carries a maximum penalty of 20 years in prison; one count of wire fraud, which carries a maximum penalty of 20 years in prison; and one count of aggravated identity theft, which carries a mandatory consecutive term of two years in prison. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.
Concurrent with the unsealing of the indictment, the U.S. Department of State’s Rewards for Justice Program is offering a reward of up to $10 million for information leading to the identification or location of Nasab.
Anyone with information on Nasab and his malicious cyberactivity should contact Rewards for Justice via their Tor-based tips-reporting channel at: he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion (the Tor browser is required).
The FBI New York Field Office and Cyber Division are investigating the case.
Assistant U.S. Attorneys Ryan B. Finkel, Dina McLeod and Daniel G. Nessim for the Southern District of New York’s Complex Frauds and Cybercrime Unit are prosecuting the case, with valuable assistance from Trial Attorney Matthew Chang of the National Security Division’s National Security Cyber Section.
An indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.