For the third straight day, federal prosecutors have announced criminal charges accusing Iranian nationals with conducting cyberattacks in the U.S., with the charges this time targeting a member of Iran's elite Revolutionary Guard.
The most recent charges announced Thursday in U.S. District Court in Alexandria, Virginia, accuse a member of the Revolutionary Guard and two others of stealing the identities of individuals working in aerospace and satellite technology. The hackers would then use those identities to launch phishing campaigns on the tech workers' peers in order to launch malware and commandeer sensitive data and intellectual property, officials said.
The accused Revolutionary Guard member is Said Arabi, 34. The other two are Mohammad Reza Espargham, 25, and Mohammad Bayati, 34, all Iranian nationals residing in Iran. Espargham is identified in a leader in the Iranian Dark Coders Team, described in the indictment as “a notorious group of Iranian hackers responsible for numerous computer intrusions worldwide.”
All three are living in Iran. Court records do not list an attorney for any of the men.
“The use of malware, the theft of commercial data and intellectual property, and the use of social engineering to steal the identities of United States citizens to accomplish unlawful acts will not be tolerated," said U.S. Attorney for the Eastern District of Virginia G. Zachary Terwilliger, whose office is prosecuting the case.
Prosecutors say the conspiracy stretched from 2015 through 2019. The indictment spells out one phishing attack that uses the name of an unidentified college professor who purportedly was seeking help on a project related to the processing of satellite images. The email asks recipients to click on a link to assist with the project.
Earlier this week, prosecutors in Boston obtained indictments against an Iranian national and a Palestinian national for allegedly defacing websites across the U.S. in retaliation to the targeted killing of Iran Gen. Qassem Soleimani, replacing the websites' content with pictures of the top Iranian general and messages such as “Down with America.”
And on Wednesday, the department announced charges against two Iranian nationals accused of stealing hundreds of terabytes of data in a hacking campaign targeting institutions in the U.S., Europe and the Middle East.
On Thursday, U.S. Secretary of State Mike Pompeo announced sanctions against an Iranian cyber threat group known as Advanced Persistent Threat 39 (APT39) and 45 individuals associated with the group. In a statement, Pompeo called Iran “one of the world’s leading threats to cybersecurity and human rights online.”
“We will continue to expose Iran’s nefarious behavior and impose costs on the regime until they turn away from their destabilizing agenda.” Pompeo said.