
US Charges Iranian National for Cyber Attacks on Government Entities

On Friday, the U.S. Department of Justice (DoJ) revealed an indictment against an Iranian national, Alireza Shafie Nasab, for his alleged involvement in a years-long cyber-enabled campaign designed to compromise various U.S. governmental and private entities. The indictment states that more than a dozen entities were targeted, including the U.S. Departments of the Treasury and State, contractors that support U.S. Department of programs, and an accounting firm and a hospitality company based in New York.

According to the indictment, Nasab claimed to be a specialist for a company called Mahak Rayan Afraz while participating in a persistent campaign targeting the U.S. from at least in or about 2016 through in or about April 2021. The spear-phishing campaigns were managed via a custom application that enabled Nasab and his co-conspirators to organize and deploy their attacks.

The spear-phishing campaigns involved techniques to infect over 200,000 victim devices, many containing sensitive or classified information. Additionally, the conspirators masqueraded as other people, typically women, to obtain the confidence of victims and deploy onto victim computers.

Nasab, while working for the front company, is believed to be responsible for procuring infrastructure utilized in the campaign by using a natural person's stolen identity to register a server and email accounts. The threat actors also breached an administrator email account belonging to an unnamed contractor, subsequently leveraging the access to create rogue accounts and send out spear-phishing emails to employees of a different contractor and a consulting firm.

The indictment charges Nasab with one count of conspiracy to commit computer fraud, one count of conspiracy to commit wire fraud, one count of wire fraud, and one count of aggravated identity theft. If convicted on all counts, Nasab could face up to 47 years in prison. However, he remains at large, and the U.S. State Department has announced monetary rewards of up to $10 million for information leading to his identification or location.

The indictment also reveals that Mahak Rayan Afraz (MRA) is a Tehran-based firm with ties to the Islamic Revolutionary Guard Corps (IRGC), Iran's armed force charged with defending the country's revolutionary regime. The activity cluster, which also overlaps with Tortoiseshell, has been previously linked to elaborate social engineering campaigns, including posing as an aerobics instructor on Facebook in an attempt to infect the machine of an employee of an aerospace contractor with .


Deitasoft © 2024. All Rights Reserved.