The U.S. Department of Justice (DOJ) has indicted three Iranian nationals linked to the Islamic Revolutionary Guard Corps (IRGC) for orchestrating a cyberattack aimed at influencing the 2024 US presidential election.
The indictment, unsealed today, charges Masoud Jalili, Seyyed Ali Aghamiri, and Yaser Balaghi with a conspiracy to hack into the accounts of US political figures, media members, and campaign officials in a coordinated “hack-and-leak” operation. The aim of the campaign was to stoke discord, erode confidence in the electoral process, and acquire sensitive information for the IRGC’s benefit.
According to the DOJ, the three hackers targeted officials and individuals associated with one of the US presidential campaigns, referred to in the indictment as “US Presidential Campaign 1.” They successfully gained unauthorized access to personal accounts and stole confidential documents and emails, which they then leaked in an attempt to undermine the campaign. The indictment details how the stolen information was distributed to individuals linked to a rival presidential campaign, “US Presidential Campaign 2,” and members of the media.
Attorney General Merrick Garland stated, “The American people – not Iran, or any other foreign power – will decide the outcome of our country’s elections.” FBI Director Christopher Wray reinforced this sentiment, saying, “The FBI would like to send a message to the Government of Iran – you and your hackers can’t hide behind your keyboards.”
Tracing the Campaign
The indictment traces the Iranian cyber actors’ campaign back to January 2020, when they began compromising accounts using phishing and social engineering techniques. Among their methods were creating fake email accounts, spoofed login pages, and harvesting login credentials to break into victims’ accounts. The campaign escalated in May 2023, when the hackers shifted focus to individuals linked to the 2024 election.
The DOJ also said that the attackers sought to further the IRGC’s goals, including avenging the death of Qasem Soleimani, the former commander of the IRGC’s Qods Force. They allegedly targeted former US officials responsible for Middle East policy, using stolen information to assist the IRGC’s malicious activities.
The charges against the three Iranian nationals include conspiracy to commit identity theft, wire fraud, and providing material support to a designated foreign terrorist organization. Each charge carries significant prison time if they are convicted.
Alongside the indictment, the US Department of State has offered a reward of up to $10 million for information on the individuals involved, while the Treasury Department has imposed sanctions on Jalili for his role in the operation. The FBI continues to investigate, and the agency has urged anyone with information to come forward.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.