Security News > 2024 > March > Iranian charged over attacks against US defense contractors, government agencies
The US Department of Justice has unsealed an indictment accusing an Iranian national of a years-long campaign that compromised hundreds of thousands of accounts and attempting to infiltrate US defense contractors and multiple government agencies.
"Nasab participated in a cyber campaign using spear phishing and other hacking techniques to infect more than 200,000 victim devices, many of which contained sensitive or classified defense information," said Damian Williams, US Attorney for the Southern District of New York.
According to [PDF] the DoJ, Nasab and his accomplices primarily targeted US contractors cleared to work with the Department of Defense, though not exclusively.
It's claimed that Nasab's crew compromised an administrator email account belonging to a defense contractor, which was used to register a pair of fake accounts used to target employees at another contractor, as well as a consulting firm.
If convicted on all counts, Nasab could face up to 47 years in prison, though the US might have trouble finding him.
Nasab, a citizen of Iran, remains at large and the Department of State's Rewards for Justice Program is offering $10 million for information leading to identification or Nasab's whereabouts.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/03/01/iranian_cyberattack_charges/
Related news
- Defense strategies to counter escalating hybrid attacks (source)
- US freezes foreign aid, halting cybersecurity defense and policy funds for allies (source)
- Hacker pleads guilty to SIM swap attack on US SEC X account (source)
- US indicts 8Base ransomware operators for Phobos encryption attacks (source)
- Critical PostgreSQL bug tied to zero-day attack on US Treasury (source)
- Feds name and charge alleged Silk Typhoon spies behind years of China-on-US attacks (source)