U.S. federal prosecutors on Friday unsealed criminal charges against three Iranian nationals, allegedly employed by the Islamic Revolutionary Guard Corps (IRGC), for targeting current and former officials to steal sensitive data.
The Department of Justice (DoJ) accused Masoud Jalili, 36, Seyyed Ali Aghamiri, 34, and Yasar (Yaser) Balaghi, 37, of participating in a conspiracy with other known and unknown actors to undermine the U.S. electoral process.
They are alleged to have hacked into accounts of current and former U.S. officials, members of the media, nongovernmental organizations, and individuals associated with U.S. political campaigns. None of the three operatives, said to be members of the Basij Resistance Force, have been arrested.
"The activity was part of Iran's continuing efforts to stoke discord, erode confidence in the U.S. electoral process, and unlawfully acquire information relating to current and former U.S. officials that could be used to advance the malign activities of the IRGC, including ongoing efforts to avenge the death of Qasem Soleimani, the former commander of the IRGC – Qods Force (IRGC-QF)," the DoJ said.
The activity, per the DoJ, entailed obtaining access to non-public campaign documents and emails related to the election campaign sometime around May 2024. Then the next month, the conspirators engaged in hack-and-leak operations by sharing the stolen campaign material with media publications and individuals associated with the other presidential campaign.
The development comes nearly two weeks after the U.S. Federal Bureau of Investigation (FBI) blamed Iranian threat actors for plundering non-public material from former President Trump's campaign and passing it on to President Biden's campaign and U.S. media organizations.
"These hack-and-leak efforts by Iran are a direct assault on the integrity of our democratic processes," said Assistant Attorney General Matthew G. Olsen of the Justice Department's National Security Division.
"Iranian government actors have long sought to use cyber-enabled means to harm U.S. interests. This case demonstrates our commitment to expose attempts by the Iranian regime or any other foreign actor to interfere with our free and open society."
Jalili, Aghamiri, and Balaghi have also been accused of undertaking a wide-ranging hacking campaign starting back in January 2020 to infiltrate victims' computers and online accounts using a combination of spear-phishing and social engineering techniques.
This involved using fake personas to trick users into clicking on malicious links, spoofing login pages to harvest account credentials, and using the compromised victim accounts to send phishing messages to other targets. The DoJ said some of these efforts were successful.
The trio have been charged with 18 counts that include conspiracy to commit identity theft, aggravated identity theft, access device fraud, unauthorized access to computers to obtain information from a protected computer, unauthorized access to computers to defraud and obtain a thing of value, and wire fraud.
In coordination with the indictment, the Department of State has issued a reward of up to $10 million for information on Jalili, Aghamiri, and Balaghi, the IRGC's interference in U.S. elections, or associated individuals and entities.
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has imposed sanctions against seven individuals for their malicious cyber activities, including spear-phishing, hack-and-leak operations, and their alleged interference with political campaigns:
- Masoud Jalili
- Ali Mahdavian, Fatemeh Sadeghi, Elaheh Yazdi, Sayyed Mehdi Rahimi Hajjiabadi, Mohammad Hosein Abdolrahimi, and Rahmatollah Askarizadeh (employees and executives of Emennet Pasargad)
It's worth noting that the U.S. government previously sanctioned six other employees of the same company in November 2021 for their attempts to interfere in the 2020 U.S. presidential election.
"The Iranian regime is increasingly attempting to influence the outcome of the forthcoming U.S. election because it perceives the outcome will impact U.S. foreign policy towards Iran," the State Department said.
"Iranian state-sponsored actors have undertaken a variety of malicious cyber activities, such as hack-and-leak operations and spear-phishing, in an attempt to undermine confidence in the United States' election processes and institutions while also seeking to influence the political campaigns."
In August, Iran denied accusations that it played any role in the hack, calling them baseless and saying that Iran's "cyber power is defensive and in proportionate to the threats it faces," Iran's state-controlled news agency IRNA reported.
The indictment is the latest effort by the U.S. government to counter foreign efforts to interfere in the upcoming election. Recently, it also brought criminal charges and sanctions against employees of Russian state media outlet RT for allegedly funding pro-Trump social-media influencers in the U.S.