US charges alleged Iranian hackers with scheme to steal aerospace, satellite data

Written by

The Department of Justice on Thursday unsealed an indictment charging three Iranian men in connection with a scheme to steal critical data from U.S. aerospace and satellite companies — the latest in a string of U.S. charges against suspected Iranian hackers.

U.S. prosecutors accused the three men of “engaging in a coordinated campaign of identity theft and hacking” on behalf of Iran’s Islamic Revolutionary Guard Corps. The scheme allegedly spanned more than three years, through February 2019, and a target list of over 1,8000 online accounts comprising aerospace and satellite companies and government organizations, from the U.S. to the United Kingdom to Israel.

Said Pourkarim Arabi, 34, Mohammad Reza Espargham, 25, and Mohammad Bayati, 34, allegedly impersonated Americans working in the aerospace and satellite industries by registering email addresses in their names and then sending other people in those industries spearphishing emails. With access to a target computer, the men allegedly used other hacking tools to gain greater privileges on the computer and hunt for data sought by the IRGC and then exfiltrate it.

Separately on Thursday, the U.S. Treasury Department announced sanctions against dozens of Iranians, including alleged members of hacking group known as APT39, for allegedly targeting Iranian dissidents and journalists. Those hackers are accused of operating on behalf of Iran’s Ministry of Intelligence.

APT39 “has focused heavily on the telecommunications and travel industries as part of an effort to collect customer data and personal information on targets of interest,” said John Hultquist, senior director of analysis at Mandiant Threat Intelligence. “These efforts could threaten the customers of victim organizations who may then be physically endangered by the Iranian security services.”

It’s the latest update in an aggressive crackdown on Iranian hacking this week that has been a coordinated effort across multiple U.S. government agencies.

“You’ve seen a series of actions against Iranian cyber actors this week really covering the gamut of different agencies, different parts of Iran that are involved in malicious cyber activity,” an FBI official told CyberScoop.

The Department of Justice on Wednesday announced charges against two other Iranian citizens for allegedly conducting cyber-espionage operations at the behest of the Iranian government. The two men allegedly targeted American universities and a U.S defense contractor, among other organizations, and stole hundreds of terabytes of data. On Tuesday, U.S. officials accused an Iranian teenager of retaliating for the U.S. killing of a top Iranian general by defacing dozens of websites (he was not accused of acting on behalf of the Iranian government.)

The FBI official, speaking on the condition of anonymity to discuss the FBI’s role in the process, said the indictments, sanctions and other responses from U.S. agencies show “how we can coordinate and sequence those [to have] maximum impact. We hope those coordinated actions not only have an impact individually, but also importantly send that message that we don’t condone this type of activity.”

Iran has repeatedly denied conducting cyberattacks. The Iranian mission to the United Nations did not immediately respond to a request for comment on the charges.

The latest indictment is available in full below.