US unveils charges against alleged Iranian hackers

The US government has taken decisive action against alleged Iranian cyber attackers, announcing criminal charges and sanctions targeting four individuals and two companies involved in a multi-year cyber campaign. The US Treasury Department and the State Department revealed that the campaign targeted more than a dozen American companies, including defence contractors and entities with access to classified information.

According to federal prosecutors in Manhattan, the corporate targets primarily comprised defence contractors, a New York-based accounting firm, and a hospitality company. The defendants allegedly employed sophisticated tactics such as spearfishing, infecting computers with malware by deceiving email recipients, and impersonating women to gain trust.

Prosecutors revealed that the cyber campaign compromised over 200,000 employee accounts at the accounting firm and more than 2,000 at the hospitality company between 2016 and 2021. US Attorney General Merrick Garland emphasised the severity of cyber threats originating from Iran, highlighting their potential impact on national security and economic stability.

The individual defendants, identified as Hossein Harooni, Reza Kazemifar, Alireza Nasab, and Komeil Salmani, all in their mid-to late-30s, face charges including wire fraud, conspiracy to commit computer intrusions and aggravated identity theft. Despite the charges, the defendants remain at large, underscoring the challenges in prosecuting cyber criminals operating across international borders.