Image with a "Reward Up to $10 Million" banner for information on Alireza Shafie Nasab, who allegedly posed a significant cyberthreat by hacking U.S. Department of State and Treasury systems. Includes his photo, contact information for tips via secure communication, and the Tor link for submissions.

Iranian hacker charged in the United States

Iranian hacker is charged in the United States, with a $10 million reward offered for his capture

Mar 02, 2024 | Newsroom | Cybercrime / Social Engineering

An indictment against an Iranian national was released on Friday by the U.S. Department of Justice (DoJ) on suspicion of his participating in a multi-year cyber-enabled campaign to compromise American governmental and private entities.

A total of ten people are alleged to have been targeted, including the U.S. Departments of State and Treasury, defense contractors supporting U.S. Department of Defense initiatives, and two New York-based accounting firms and hotels.

As part of a persistent campaign targeting the United States from at least through April 2021, Alireza Shafie Nasab, 39, claimed to work for a company called Mahak Rayan Afraz as a cybersecurity specialist.

According to U.S. Attorney Damian Williams for the Southern District of New York, “Alireza Shafie Nasab allegedly participated in a cyber campaign using spear-phishing and other hacking techniques to infect more than 200,000 victim devices, many of which contained sensitive or classified defense information.”

The spear-phishing campaigns were managed through a custom application that allowed Nasab and his co-conspirators to plan and launch them.

In one instance, the threat actors breached an administrator email account belonging to an undisclosed defense contractor, then used that access to create rogue accounts and send spear-phishing emails to employees of a different defense contractor and a consulting firm.

Outside of spear-phishing attacks, the conspirators allegedly posed as other people, typically women, in order to gain victims’ trust and install malware on their computers.

Nasab is alleged to have purchased the infrastructure needed for the campaign using the stolen identity of a real person, in order to register a server and email account with the front company.

He has been accused of one count of aggravated identity theft, one count of wire fraud, one count of computer fraud, and one count of conspiracy to commit wire fraud. Nasab could spend up to 47 years in prison if found guilty of all charges.

The U.S. State Department has announced financial rewards of up to $10 million for information that leads to Nasab’s identification or location while he’s still at large.

Mahak Rayan Afraz was first exposed by Meta in July 2021 as a Tehran-based business with connections to the Islamic Revolutionary Guard Corps (IRGC), Iran’s armed force responsible for upholding the country’s revolutionary regime.

The activity cluster, which overlaps with Tortoiseshell, has previously been linked to sophisticated social engineering schemes, including posing as an aerobics instructor on Facebook in an attempt to deliver malware to an employee of an aerospace defense contractor.

German law enforcement announced the takedown of Crimemarket, a German-speaking illicit trading platform with over 180,000 users that specialized in the sale of narcotics, weapons, money laundering, and other criminal services.

Authorities also seized mobile phones, IT equipment, one kilogram of marijuana, ecstasy tablets, and €600,000 in cash in connection with the operation, and identified a 23-year-old man as the main suspect.
