U.S. Charges Iranian Hacker, Offers $10 Million Reward for Capture

The U.S. Department of Justice (DoJ) on Friday unsealed an indictment against an Iranian national over his alleged role in a multi-year cyber-enabled campaign. The campaign was intended to breach both private and governmental entities in the United States.

According to reports, over a dozen organisations have been targeted, including the US Departments of State and Treasury, defence contractors that assist with US Department of Defence initiatives, and two New York-based businesses—one that provides hospitality services and the other an accounting firm.

Alireza Shafie Nasab, 39, engaged in a sustained campaign against the United States starting at least in or around 2016 and continuing until in or around April 2021, while claiming to be a cybersecurity specialist for a business called Mahak Rayan Afraz.

U.S. Attorney Damian Williams for the Southern District of New York stated, “As alleged, Alireza Shafie Nasab participated in a cyber campaign using spear-phishing and other hacking techniques to infect more than 200,000 victim devices, many of which contained sensitive or classified defence information.”

A unique application that was used to manage the spear-phishing campaigns allowed Nasab and his accomplices to plan and carry out their attacks.

In one case, the threat actors gained access to an administrator email account of an unidentified defence contractor. They then used this account to create rogue accounts and send spear-phishing emails to staff members of a consulting firm and another defence contractor.

In addition to spear-phishing operations, the conspirators have assumed the identities of other people—usually women—in order to gain the trust of victims and infect their computers with malware.

While employed by the front company, Nasab is thought to have been in charge of obtaining the infrastructure needed for the campaign by registering a server and creating email accounts using the stolen identity of a real person.

He has been charged with one count each of conspiracy to commit computer fraud, conspiracy to commit wire fraud, wire fraud, and aggravated identity theft. If found guilty on all counts, Nasab might spend up to 47 years behind bars.

Nasab is still at large, and the United States State Department has announced financial rewards of up to $10 million for information leading to his identification or location.

Mahak Rayan Afraz (MRA) was first publicly identified by Meta in July 2021 as a Tehran-based company with connections to the Islamic Revolutionary Guard Corps (IRGC), the Iranian military’s unit tasked with protecting the nation’s revolutionary government.

The activity cluster—which also happens to overlap with Tortoiseshell—has been connected in the past to sophisticated social engineering schemes, such as assuming the identity of an aerobics instructor on Facebook in an effort to install malware on an aerospace defence contractor employee’s computer.

This news coincides with the announcement made by German law enforcement that Crimemarket, an illegal marketplace with over 180,000 members that catered to the sale of firearms, drugs, money laundering, and other criminal activities, had been shut down.

In connection with the operation, six people—including a 23-year-old who is thought to be the primary suspect—have been taken into custody. Authorities have also seized €600,000 in cash, mobile phones, IT equipment, one kilogramme of marijuana, and ecstasy tablets.
