As the relations between the US and Iran become increasingly tense, three Iranian hackers have been indicted for stealing crucial data from US aerospace and satellite tracking companies, straining diplomatic relations further. Confirmed to be nationals and residents of the Islamic Republic of Iran, Said Pourkarim Arabi, 34, Mohammad Reza Espargham, 25, and Mohammad Bayati, 34, allegedly carried out cybercrimes on behalf of Iran's Islamic Revolutionary Guard Corps (IRGC), a designated foreign terrorist organization.
"We will relentlessly pursue and expose those who seek to harm American companies and individuals wherever they reside in the world," said G. Zachary Terwilliger, US Attorney for the Eastern District of Virginia. He added: "The use of malware, the theft of commercial data and intellectual property, and the use of social engineering to steal the identities of United States citizens to accomplish unlawful acts will not be tolerated."
Targeting Organizations in the US and Other Countries
The indictment alleges that the trio's hacking campaign targeted several organizations and companies in the US and abroad. It began in approximately July 2015 and went on until at least February 2019. At one point, the hackers allegedly possessed a list of over 1,800 online accounts to target. The list is said to have included accounts from companies and organizations working in the field of satellite or aerospace technology, and also international government organizations in the US, United Kingdom, Israel, Singapore and Australia.
James A. Dawson, Assistant Director in Charge of the FBI's Washington Field Office, said, "Today's charges allege that these individuals conspired in a coordinated campaign with known IRGC members and acted at their direction. The defendants targeted thousands of individuals in an attempt to steal critical information related to United States aerospace and satellite technology."
The Modus Operandi
To victimize the chosen targets, the hackers carried out coordinated social engineering attacks to identify US citizens employed in the satellite and aerospace fields, with the intention of stealing their identities and assuming them online.
After stealing the identities, the trio impersonated the individuals and used their identities to establish email addresses and purchased necessary for the scheme fraudulently. Next, they created customized spear-phishing emails purporting to be from the individuals whose identities they had stolen, in a bid to entice the recipients to click on malicious links embedded in the emails.
When a recipient clicked on one of the malicious links, malware would download onto the targeted individual's computer. This gave the hackers unrestricted access to their networks and computers.
Charges Against the Accused
They used additional hacking tools to maintain the unauthorized access they had gained, increase their privileges, and steal data commissioned by the IRGC. Employing these techniques, the hackers successfully preyed upon multiple victim networks. This resulted in the theft of crucial intellectual property, commercial information and personal data from victim companies, which included a satellite voice and data communications company and a satellite-tracking company.
Arabi, Bayati and Espargham have been charged with conspiracy to commit computer intrusions and conspiracy to commit wire fraud. Both Arabi and Espargham are charged with conspiracy to obtain information by unauthorized access to protected computers, and intentional damage to protected computers. Arabi has an additional charge of aggravated identity theft. If convicted, all three face a maximum penalty of 20 years in prison.