US accuses four Iranians of targeting defense contractors
The Biden administration took action on Tuesday against two Iranian companies and four individuals accused of working for years on behalf of the digital branch of the country’s top military unit to breach multiple U.S. targets.
The actions were announced amid tensions in the Middle East after Israel and Iran exchanged attacks on one another earlier this month, raising concerns that antagonism between the two longtime enemies could carry into cyberspace.
The Justice Department announced charges against four Iranian nationals who allegedly worked for the Iranian Islamic Revolutionary Guard Corps - Cyber Electronic Command (IRGC-CEC). The agency previously unsealed an indictment against one of the individuals named today.
The group’s victims were “primarily cleared defense contractors” granted security clearances from the Defense Department, as well as a New York-based accounting firm and a New York-based hospitality company, according to the DOJ.
“These defendants are alleged to have engaged in a coordinated, multi-year hacking campaign from Iran targeting more than a dozen American companies and the U.S. Treasury and State Departments,” Attorney General Merrick Garland said in a statement.
The Treasury Department also slapped sanctions on the men, including Reza Kazemifar Rahman, who “has been involved in operational testing of malware intended to target job seekers with a focus on military veterans,” the agency said. The others are Hossein Harooni, Komeil Baradaran Salmani and Alireza Shafie Nasab.
Kazemifar Rahman was previously involved in a spearphishing campaign that targeted multiple U.S. entities, including Treasury.
This is the second batch of sanctions this year against the IRGC-CEC. In February, the Treasury Department listed six government officials accused of being connected to cyberattacks against critical infrastructure in the U.S.
The Treasury on Tuesday also sanctioned the company Mehrsam Andisheh Saz Nik, formerly known as Mahak Rayan Afzar, for allegedly operating as a front for the Iranian military outfit and for ties to numerous threat actors, including Tortoiseshell, a prolific hacking group.
Treasury said the second sanctioned front company, Dadeh Afzar Arman, also engaged in malicious cyber campaigns on behalf of the IRGC.
Martin Matishak is the senior cybersecurity reporter for The Record. Prior to joining Recorded Future News in 2021, he spent more than five years at Politico, where he covered digital and national security developments across Capitol Hill, the Pentagon and the U.S. intelligence community. He previously was a reporter at The Hill, National Journal Group and Inside Washington Publishers.