An Iranian national is being charged with their involvement in a cyber campaign to compromise U.S. governmental and private entities, including the Department of Treasury and State, defense contractors and two New York-based companies, according to an unsealed Justice Department document. According to a February 29 press release, the defendant conducted cyberattacks while employed by an Iranian company that ‘purported to provide cybersecurity services.
Iran’s Corrupt Cyber Ecosystem
Court documents stated, “from at least in or about 2016 through in or about April 2021, Alireza Shafie Nasab, 39, of Iran, and other co-conspirators were members of a hacking organization that participated in a coordinated multi-year campaign to conduct and attempt to conduct computer intrusions.”
Nasab is reportedly still at large.
“While purporting to work as a cybersecurity specialist for Iran-based clients, Mr. Nasab allegedly participated in a persistent campaign to compromise U.S. private sector and government computer systems,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division. “Today’s charges highlight Iran’s corrupt cyber ecosystem, in which criminals are given free rein to target computer systems abroad and threaten U.S. sensitive information and critical infrastructure. Our National Security Cyber Section remains focused on disputing these cross-border hacking schemes and holding those responsible to account.”
Hacking Methods
Nasabs methods during the cyber campaign were spear phishing, and other hacking techniques to infect more than 200,000 victims devices, many of which contained sensitive or classified defense information, said U.S. Attorney Damian Williams for the Southern District of New York.
According to the release, the private sector’s victims were primarily cleared defense contractors, which were a part of companies that supported DoD programs. Other companies targeted were a New York-based accounting firm and a hospitality company.
Primarily using spear phishing during the course of their campaigns against one victim; the group compromised more than 200,000 victim employee accounts. At another victim, the conspirators targeted 2,000 employee accounts. In order to manage their spearphishing campaigns, the group created and used a particular computer application, which enabled the conspirators to organize and deploy their spear phishing attacks.
The conspirators were able to compromise an administrator’s email account, belonging to Defense Contractor-1. The cybercriminals then created unauthorized email accounts, which they then used to send spear phishing campaigns to employees of other defense contracting and consulting firms.
Another tactic the organization used, was social engineering.
According to the press release, this involved impersonating others, generally women, in order to obtain the confidence of victims. These social engineering contacts were another means the conspiracy used to deploy malware onto victim computers and compromise those devices and accounts.
Charges for Cyber Crimes
“Nasab took part in these schemes,” the press release continued. “During his participation in the scheme, he was employed by Mahak Rayan Afraz, an Iran-based company that purported to provide cybersecurity services, but which was, in fact, a front for the conspirators’ operations. Nasab was responsible for procuring infrastructure used by the conspiracy. During the course of this conduct, Nasab used the stolen identity of a real person in order to register a server and email accounts used in the course of the cyber campaigns.”
Nasab is being charged with one count of conspiracy to commit computer fraud, one count of conspiracy to commit wire fraud, one count of wire fraud, and one count of aggravated identity fraud. Combined, he faces 47 years maximum in prison.
A reward of up to $10 million is being offered for information leading to the identification or location of Nasab.
