In a recent development, the U.S. Department of Justice has unveiled an indictment against an Iranian individual, Alireza Shafie Nasab, aged 39, for his alleged involvement in orchestrating a cyber-espionage campaign targeting Defense Department contractors, as well as the Treasury and State departments.
According to the indictment, Nasab was engaged in a hacking operation spanning from 2016 to April 2021 that targeted more than a dozen companies, many of them cleared defense contractors. One notable breach, at a New York accounting firm, resulted in the compromise of more than 200,000 devices, according to the DOJ.
Assistant Attorney General Matthew Olsen remarked, “While claiming to work as a cybersecurity specialist for clients based in Iran, Mr. Nasab allegedly played a key role in a sustained effort to infiltrate U.S. private sector and government computer systems.” Olsen emphasized the gravity of the charges, highlighting the threat posed by Iran’s cyber ecosystem to sensitive U.S. information and critical infrastructure.
The group allegedly relied primarily on spearphishing attacks to gain entry into targeted systems. In one instance in 2019, Nasab and his associates purportedly compromised a defense contractor’s administrator email account, enabling them to create two new email accounts and send spearphishing emails to employees at another defense contractor and a consulting firm.
The indictment further reveals the use of an undisclosed application to manage their campaigns, allowing the hackers to obtain reports on the activities of targeted accounts, including clicks on malicious links, IP addresses, operating systems, and locations.
Additionally, the hackers employed social engineering tactics, including adopting “female personas” to send messages with malicious links and attachments containing malware. The indictment alleges that one defense contractor fell victim to this tactic.
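The 2019 chain described above (compromised administrator mailbox, newly created accounts, outbound spearphishing to partner organizations within hours) is a pattern that mail and identity audit logs can surface. The following is an added detection example, not code from the indictment or any product: it assumes a hypothetical, simplified audit-event schema (`create_user` and `send_mail` records with an `actor`, a timestamp and, for mail, a `recipient` and `has_link` flag) and runs over constructed sample events. It flags accounts that were created by another account and, within a short window of creation, sent link-bearing mail to an external domain, grouped by the creating (possibly compromised) account.

```python
"""
Detect "admin creates accounts, new accounts immediately send external
links" in audit logs. Hypothetical event schema and constructed sample
data; not the DOJ's or any vendor's code.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events for a hypothetical tenant (not from the indictment).
SAMPLE_EVENTS = [
    {"ts": "2019-03-01T08:00:00", "action": "login",
     "actor": "admin@contractor.example", "ip": "203.0.113.7"},
    {"ts": "2019-03-01T08:05:00", "action": "create_user",
     "actor": "admin@contractor.example", "target": "hr-updates@contractor.example"},
    {"ts": "2019-03-01T08:06:00", "action": "create_user",
     "actor": "admin@contractor.example", "target": "it-notice@contractor.example"},
    {"ts": "2019-03-01T08:40:00", "action": "send_mail",
     "actor": "hr-updates@contractor.example",
     "recipient": "user@partner.example", "has_link": True},
    {"ts": "2019-03-01T08:41:00", "action": "send_mail",
     "actor": "it-notice@contractor.example",
     "recipient": "user@consulting.example", "has_link": True},
    # Benign control: a real new hire created weeks earlier, mailing internally.
    {"ts": "2019-02-10T09:00:00", "action": "create_user",
     "actor": "admin@contractor.example", "target": "newhire@contractor.example"},
    {"ts": "2019-02-20T10:00:00", "action": "send_mail",
     "actor": "newhire@contractor.example",
     "recipient": "colleague@contractor.example", "has_link": False},
]


def _parse(ts):
    return datetime.fromisoformat(ts)


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower()


def find_suspicious_new_senders(events, window=timedelta(hours=24)):
    """
    Flag accounts that (a) were created by another account and (b) within
    `window` of creation sent link-bearing mail to a recipient outside the
    sender's own domain. Returns {creator: sorted list of flagged accounts},
    so a burst of flagged accounts under one creator points at the account
    whose credentials should be treated as compromised.
    """
    created = {}  # new account -> (creator, creation time)
    for e in events:
        if e["action"] == "create_user":
            created[e["target"]] = (e["actor"], _parse(e["ts"]))

    flagged = defaultdict(set)
    for e in events:
        if e["action"] != "send_mail" or not e.get("has_link"):
            continue
        sender = e["actor"]
        if sender not in created:
            continue  # long-standing account; outside this rule's scope
        creator, created_at = created[sender]
        age = _parse(e["ts"]) - created_at
        if not (timedelta(0) <= age <= window):
            continue  # sent before creation (clock skew) or after the window
        if _domain(e["recipient"]) == _domain(sender):
            continue  # internal mail is a weaker signal; leave to other rules
        flagged[creator].add(sender)
    return {creator: sorted(accts) for creator, accts in flagged.items()}


if __name__ == "__main__":
    for creator, accounts in find_suspicious_new_senders(SAMPLE_EVENTS).items():
        print(f"review creator {creator}: new accounts sending external links -> {accounts}")
```

On the constructed sample the rule surfaces both freshly created accounts under the administrator that created them, while the new hire created ten days earlier and mailing colleagues without links is left alone. In practice the `window` and the external-domain test are the two knobs to tune against a tenant's normal onboarding volume.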
Nasab is said to have worked for several Iranian technology companies, responsible for procuring infrastructure utilized by the conspiracy, particularly for social engineering campaigns. The indictment links him to Mahak Rayan Afraz, a company accused by Facebook in 2021 of developing malware associated with the hacking group Tortoiseshell, reportedly affiliated with Iran’s Islamic Revolutionary Guard Corps.
Penalty of 47 years and a Rs. 80 Crore Bounty
Nasab faces charges including conspiracy to commit computer fraud and wire fraud, wire fraud, and aggravated identity theft, collectively carrying a maximum penalty of 47 years in prison. The Department of State has announced a reward of up to $10 million for information leading to Nasab’s whereabouts through its Rewards for Justice Program.
This development follows the Treasury Department’s recent sanctioning of six Iranian government officials in February, accused of orchestrating cyberattacks on U.S. water facilities utilizing technology from an Israeli company.