The U.S. government on Thursday unsealed an indictment that accused two Iranian nationals of their involvement in cyber-enabled disinformation and threat campaign orchestrated to interfere in the 2020 presidential elections by gaining access to confidential voter information from at least one state election website.
The two defendants in question — Seyyed Mohammad Hosein Musa Kazemi, 24, and Sajjad Kazemi, 27 — have been charged with conspiracy to commit computer fraud and abuse, intimidate voters, and transmit interstate threats, voter intimidation, transmission of interstate threats, with Kazemi additionally charged with unauthorized computer intrusion. Both the individuals are currently at large.
The influence campaign's goal was to erode confidence in the integrity of the U.S. electoral system and to sow discord among Americans, the Department of Justice (DoJ) said in a statement, characterizing the two individuals as "experienced Iran-based computer hackers" who carried out the attacks during their work as contractors for an Iranian company named Emennet Pasargad (formerly Eeleyanet Gostar).
As part of the coordinated election interference scheme, Kazemi and Kazemi are alleged to have attempted to compromise nearly 11 state voter registration and information websites between September and October 2020, successfully breaching a misconfigured computer system in an unnamed state to retrieve details associated with more than 100,000 voters.
The siphoned data was then used to simulate intrusions that the Democratic Party was supposedly planning to carry out by exploiting election infrastructure vulnerabilities to register non-existent voters and edit mail-in ballots, all of which were captured in the form of a "False Election Video" that was distributed to Republican Senators, White House advisors, and several members of the media.
"The access of voter registration data appeared to involve the abuse of website misconfigurations and a scripted process using the cURL tool to iterate through voter records," the U.S. Cybersecurity and Infrastructure Security Agency (CISA) noted back in November 2020. "A review of the records that were copied and obtained reveals the information was used in the propaganda video."
Besides the aforementioned activities, the defendants are said to have sent threatening email messages to intimidate and interfere with voters and successfully gained unauthorized access to an unspecified media company's computer network using stolen credentials with the goal of disseminating false claims after the election on November 4, 2020. The attacks were ultimately foiled, the DoJ said.
Unlock the secrets to bulletproof incident response – Master the 6-Phase process with Asaf Perlman, Cynet's IR Leader!Don't Miss Out – Save Your Seat!
In a related development, the Treasury Department's Office of Foreign Assets Control (OFAC) announced sanctions against Kazemi and Kashian, and four other Emennet employees, for carrying out disruptive cyber operations against the U.S. and providing technological support to the Iranian Islamic Revolutionary Guard Corps, even as the State Department offered a reward of up to $10 million for information about the whereabouts of these two individuals or their activities.
The indictments come a little over a year after CISA and the Federal Bureau of Investigation (FBI) issued an advisory warning of Iranian threat actors' endeavors to influence and interfere with the U.S. elections by "creating fictitious media sites and spoofing legitimate media sites to spread obtained U.S. voter-registration data, anti-American propaganda, and misinformation about voter suppression, voter fraud, and ballot fraud."
Iranian hacking groups have been in the spotlight in the past few days, with cybersecurity agencies across the U.S., U.K., and Australia alerting of ongoing malicious infiltrations targeting organizations worldwide by exploiting Fortinet and Microsoft Exchange ProxyShell vulnerabilities to exfiltrate sensitive data and increasingly deploy ransomware.