3 Iranian Hackers Charged With Targeting US Satellite Firms

DOJ: Hackers Used Social Engineering Techniques, Spear Phishing

Three Iranian hackers have been charged in connection with using social engineering and phishing techniques to steal data and intellectual property from U.S. satellite and aerospace companies, according to the Justice Department.

The suspects were allegedly working on behalf of Iran's Islamic Revolutionary Guard Corps - a paramilitary group that has been designated as a terrorist organization by the U.S., prosecutors say.

Said Pourkarim Arabi, Mohammad Bayati and Mohammad Reza Espargham have been indicted by a federal grand jury on charges related to a hacking campaign that started in July 2015 and lasted until February 2019. The three allegedly targeted satellite and aerospace firms in the U.S. as well as Australia, Israel, Singapore and the U.K.

The Justice Department unsealed the indictment against the three suspects on Thursday. None of the men are in custody, and all are now wanted by U.S. law enforcement agencies.

The latest indictment is part of a series of actions by U.S. authorities this week that have targeted Iran's cyber operations.

On Thursday, the Treasury Department announced sanctions against an Iranian advanced persistent threat group, 45 associated individuals and a front company the Iranian government allegedly used to run a yearslong malware campaign (see: US Imposes Sanctions on Iranian APT Group).

Earlier this week, two other Iranian nationals were charged with participating in a yearslong hacking campaign that targeted vulnerable networks in the U.S., Europe and the Middle East to steal "hundreds of terabytes" of data (see: 2 Iranians Indicted for Lengthy Hacking Campaign).

In addition, the Justice Department has charged two suspected hackers, including one Iranian national, with defacing over 50 U.S. websites, while the U.S. Cybersecurity and Infrastructure Security Agency warned about hacking attempts by a threat group tied to the Iranian government.

Satellite Firm Hacking Campaign

In the latest indictment, the Justice Department charges that Arabi, Bayati and Espargham targeted approximately 1,800 accounts belonging to employees and workers at satellite companies, aerospace firms and some government organizations for four years.

The first part of the campaign involved the three allegedly using social engineering techniques to assume the identities of employees and workers at many of the targeted companies, prosecutors say.

Once the three suspects assumed those identities, they allegedly crafted spear-phishing emails that appeared to come from the victims to target other employees of these firms, according to the indictment. In one case, the messages appeared to come from a university professor associated with one of the targeted firms. The malicious messages typically contained an embedded link that, when clicked, would plant malware within a compromised device, according to the indictment.

In most cases, the hackers used a Trojan called NanoCore RAT, which can steal information from PCs, including passwords and emails; access, modify and obtain copies of any files on a PC; surreptitiously activate webcams to spy on victims; as well as log keystrokes.

Once the Trojan had been installed, the hackers then allegedly used legitimate tools, such as the Metasploit framework and Mimikatz, to create backdoors into the compromised networks, according to the indictment.

"Using these methods, the defendants successfully compromised multiple victim networks, resulting in the theft of sensitive commercial information, intellectual property and personal data from victim companies, including a satellite-tracking company and a satellite voice and data communication company," the Justice Department says.

In addition to stealing data and intellectual property, the three men allegedly caused thousands of dollars' worth of damages and losses to these firms. The indictment indicates that two firms sustained a combined total of $500,000 worth of damage.

Multiple Charges

Arabi - a suspected former member of the Islamic Revolutionary Guard Corps, according to the Justice Department - and Espargham are each charged with conspiracy to commit computer intrusions, obtaining information by unauthorized access to protected computers, unauthorized access to protected computers, aggravated identity theft and conspiracy to commit wire fraud. The most serious of the charges, conspiracy to commit wire fraud, carries a maximum penalty of 20 years in prison.

Bayati's charges include conspiracy to commit computer intrusions, which carries a maximum sentence of five years in prison, and conspiracy to commit wire fraud, which carries a maximum sentence of 20 years in prison.

About the Author

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.
