The U.S. is accusing four Iranians of hacking defense contractors and targeting military veteran job seekers, an indictment unsealed Tuesday said.
The indictment charges four hackers said to be part of a multiyear cyberwar campaign by Iran’s military against more than a dozen U.S. companies, as well as the State and Treasury departments.
Hossein Harooni, Reza Kazemifar, Komeil Baradaran Salmani and Alireza Shafie Nasab were members of a hacking organization working on behalf of Iran’s Islamic Revolutionary Guard from 2016 to 2021, the indictment filed in the southern district of New York said.
The four are all at large, and the State Department on Tuesday announced a $10 million reward for information on their whereabouts.
The U.S. also levied sanctions against the four Iranians and two front companies based in Iran that are associated with them, the Treasury Department announced Tuesday.
“Today’s charges pull back the curtain on an Iran-based company that purported to provide ‘cybersecurity services’ while in actuality scheming to compromise U.S. private and public sector computer systems,” Assistant Attorney General Matthew Olsen said in a statement.
The hacking group’s victims were primarily defense contractors cleared by the Pentagon and granted security clearances to access, receive and store classified information, a statement from the Justice Department said Tuesday. The indictment did not identify the contractors.
The hackers used spearphishing tactics in which they tricked people into clicking on a link that would infect their computers with malware, the indictment said. The group also impersonated women to gain the confidence of employees at defense companies before getting them to click on the links.
In one instance, the group is said to have gained access to an administrator email account at a defense contractor and used it to create fake personas and send spearphishing emails to a different contractor.
One campaign by the group compromised more than 200,000 employee accounts, prosecutors said.
The government also accused the group of testing malware intended to target job seekers, with a focus on military veterans.
Wednesday’s sanctions against the group are the latest in a series of blacklisting actions by the U.S. against Iran, which has been engaged in a shadow war in the Middle East with the United States and its allies in the region.