Islamic Revolutionary Guard Corps (IRGC) (Credit: Shutterstock)
US charges three Iranian hackers for cyberattacks on diplomats
Three members of Iran's Revolutionary Guard Corps (IRGC) have been charged by the US Department of Justice for allegedly carrying out a series of high-profile cyberattacks targeting American diplomats, former government officials, and members of a presidential campaign.
The individuals charged, Masoud Jalili, Seeyed Aghamiri, and Yasar Balaghi, are believed to be part of the IRGC’s cyber-espionage division, a unit that has been conducting "hack and leak" operations since at least 2018, Middle East Monitor reported.
Their most recent targets include a former US ambassador to "Israel", a diplomat involved in the Abraham Accords, and a broader array of senior US officials.
The indictment outlines a sophisticated operation that used spear-phishing emails to infiltrate devices and email accounts.
Between January 2021 and May 2023, the hackers gained access to emails of individuals still active in US foreign policy circles, including two former senior officials involved in Middle East policy at the State Department. A former deputy director of the CIA and multiple journalists were also among the victims of this campaign.
In some instances, information obtained through these cyberattacks was leaked to media outlets in an apparent attempt to influence public opinion, especially in the lead-up to US elections.
The charges against the Iranian hackers are part of a broader effort by the Biden administration to address foreign interference, as concerns over such activities continue to grow ahead of the 2024 election.
Attorney General Merrick Garland emphasized that the US government will continue to take strong action against foreign actors attempting to meddle in American politics. His comments followed a similar set of allegations against Russia, which the US accused of using disinformation campaigns through social media influencers and news outlets to sway political discourse.
The hackers, allegedly operating under Iran’s Revolutionary Guard, have been linked to APT42, an advanced persistent threat group that has been active in cyber-espionage for several years.
Google’s Threat Analysis Group identified the attackers as part of this well-established Iranian unit, known for targeting officials involved in defense and foreign policy across multiple nations.
APT42 has previously been implicated in hacks on "Israeli" and Arab leaders, with a particular focus on obtaining intelligence from countries in the Middle East.
In 2022, "Israeli" cybersecurity firm Check Point exposed APT42’s role in hacking prominent "Israeli" figures, including former Foreign Minister Tzipi Livni. The group has also targeted officials in the UAE, one of Iran’s regional rivals, as part of broader efforts to gather intelligence and potentially disrupt diplomatic efforts in the region.
The Justice Department’s charges against the three Iranian nationals mark a rare public disclosure of individuals directly involved in cyber-espionage activities.
The indictment includes detailed accusations that the hackers attempted to access communications from at least four officials in one of the ongoing US presidential campaigns. Their aim, according to investigators, was to use stolen information to influence the outcome of the election.