The U.S. government has announced criminal charges and sanctions against four Iranians allegedly involved in a multi-year cyber campaign targeting numerous American companies.
Alongside, sanctions were imposed on two Iranian companies identified as fronts for Iran’s Revolutionary Guard cyber command, allegedly employing the individual defendants.
Federal prosecutors in Manhattan detailed the cyberattacks, primarily aimed at defense contractors with access to classified information.
Employing spearfishing tactics, the defendants tricked email recipients into clicking malicious links and impersonated women to gain trust.
These actions compromised over 200,000 employee accounts at an accounting firm and 2,000 at a hospitality company.
U.S. Attorney General Merrick Garland emphasized the serious threat posed by criminal activity originating from Iran to America’s national security and economic stability.
The indicted individuals, in their mid-to late-30s, face charges including wire fraud, conspiracy, and computer intrusions.
The accused, Hossein Harooni, Reza Kazemifar, Alireza Nasab, and Komeil Salmani, remain at large. Each faces charges of wire fraud, wire fraud conspiracy, and conspiracy to commit computer intrusions.
Harooni also faces charges of damaging a protected computer, while Harooni and Nasab are charged with aggravated identity theft.
The cyberattacks occurred between 2016 and 2021, targeting various American companies, including defense contractors and New York-based firms.
The Treasury Department and the State Department jointly announced the sanctions against the individuals and companies involved.
The charges and sanctions underscore the U.S. government’s commitment to combating cyber threats and protecting American interests from foreign adversaries.
