TLDR:
- The U.S. Department of Justice indicted an Iranian hacker for cyber-enabled campaigns targeting U.S. entities.
- Alireza Shafie Nasab, the hacker, is accused of using spear-phishing and hacking techniques to compromise victim devices.
- Nasab faces multiple charges and a $10 million reward has been offered for his capture.
The U.S. Department of Justice (DoJ) recently unsealed an indictment against Alireza Shafie Nasab, an Iranian national, for his involvement in a cyber-enabled campaign targeting U.S. governmental and private entities. Nasab, claiming to be a cybersecurity specialist, allegedly used spear-phishing and hacking techniques to infect over 200,000 victim devices with malware, including sensitive defense information. The campaign targeted entities such as the U.S. Departments of the Treasury and State, defense contractors, and New York-based companies.
Nasab has been charged with conspiracy to commit computer fraud, wire fraud, and aggravated identity theft, with a potential prison sentence of up to 47 years if convicted on all counts. The U.S. State Department has announced a $10 million reward for information leading to Nasab’s identification or location. Nasab is believed to have procured infrastructure for the campaign while working for a company associated with the Islamic Revolutionary Guard Corps (IRGC) in Iran.
In addition to posing as women to build trust with victims and deploy malware, Nasab and his co-conspirators used a custom application to organize and deploy spear-phishing attacks. The indictment marks another instance of international cyber threats facing the U.S., with Nasab remaining at large at the time of the announcement. The development comes amidst a takedown of a German illicit trading platform involved in various criminal activities.