Three Iranian hackers were indicted in the US today for stealing sensitive commercial data, intellectual property, and personal data from several US-based satellite companies on behalf of Iran’s Islamic Revolutionary Guard Corps (IRGC), a designated foreign terrorist organisation.
According to the latest indictment, between July 2015 and February 2019, the three Iranian hackers impersonated US citizens working in the satellite and aerospace fields, registered several email addresses in the names of the targeted individuals, and fraudulently purchased various domains and hacking tools.
This activity was preceded by a coordinated campaign of social engineering on part of the hackers to identify US citizens who worked at major aerospace and satellite technology companies. Once the fake email addresses were created, the hackers sent phishing emails from these addresses to lure recipients working in aerospace and satellite companies to click on malicious links that, if clicked, downloaded malware into the recipients’ devices.
“Using these methods, the defendants successfully compromised multiple victim networks, resulting in the theft of sensitive commercial information, intellectual property, and personal data from victim companies, including a satellite-tracking company and a satellite voice and data communication company,” the Department of Justice said.
“The defendants at one time possessed a target list of over 1,800 online accounts, including accounts belonging to organisations and companies involved in aerospace or satellite technology and international government organisations in Australia, Israel, Singapore, the United States, and the United Kingdom,” it added.
The three hackers, namely Said Pourkarim Arabi, Mohammad Reza Espargham, and Mohammad Bayati, are citizens of Iran and carried out their hacking activities in support of the country’s Islamic Revolutionary Guard Corps (IRGC) which has been designated as a foreign terrorist organisation by the U.S.
The U.S. has accused the IRGC of carrying out or supporting multiple cyber attacks targeting U.S. companies as well as organisations in Europe and elsewhere. In response to global sanctions imposed on Iran, IRGC regularly sponsors cyber attacks against countries it views as enemies of Iran, particularly the United States.
In 2018, the National Council of Resistance of Iran, which carries out regular protests and rallies against the government, explained in detail how the elite Iranian Revolutionary Guard injected advanced spying tools into apps to carry out large-scale surveillance over millions of Iranians and people in Western countries.
The group said that several apps developed by the Iranian military found their way into official stores like iTunes, Google, and Github and were being used not only to monitor the digital activities of Iranian citizens but also people in the West. These apps include several apps for domestic app store Cafe Bazaar, Mobogram, and variations of Telegram.
“The dissemination of these apps outside of Iran will enable the IRGC to spy globally and at will. Some of these apps are also available on App Store, GitHub and Google Play despite reports and user reviews warning they contain spyware embedded by the Iranian regime’s app developers. The spread of these apps outside Iran will put Internet users across the world at significant risk, increasing the rate of malware infections,’ the report said.
Earlier this week, an Iranian and a Palestinian hacker were charged in the United States for defacing multiple websites across the United States in response to the killing of Iranian military commander General Qasem Soleimani by US forces.
Soleimani was a major general in Iran’s Islamic Revolutionary Guard Corps (IRGC) and headed IRGC’s Quds Force when he was killed by a US military strike in January this year. His killing sparked massive outrage among the Iranian public and the Iranian government said the US military action would be met with “severe revenge”.
In response to his killing, hackers calling themselves members of the “Iran Cyber Security Group” defaced the website of the US government’s Federal Depository Library Programme (FDLP) as well as a number of other websites as well.
Behzad Mohammadzadeh, the Iranian hacker, hacked into 51 websites hosted in the US and replaced their content with pictures of the late general against a background of the Iranian flag along with a warning message. Along with Palestinian hacker Marwan Abusrour, he defaced seven more websites before boasting about his actions online.