Security News > 2024 > March > Iranian charged over attacks against US defense contractors, government agencies

The US Department of Justice has unsealed an indictment accusing an Iranian national of a years-long campaign that compromised hundreds of thousands of accounts and attempting to infiltrate US defense contractors and multiple government agencies.

"Nasab participated in a cyber campaign using spear phishing and other hacking techniques to infect more than 200,000 victim devices, many of which contained sensitive or classified defense information," said Damian Williams, US Attorney for the Southern District of New York.

According to [PDF] the DoJ, Nasab and his accomplices primarily targeted US contractors cleared to work with the Department of Defense, though not exclusively.

It's claimed that Nasab's crew compromised an administrator email account belonging to a defense contractor, which was used to register a pair of fake accounts used to target employees at another contractor, as well as a consulting firm.

If convicted on all counts, Nasab could face up to 47 years in prison, though the US might have trouble finding him.

Nasab, a citizen of Iran, remains at large and the Department of State's Rewards for Justice Program is offering $10 million for information leading to identification or Nasab's whereabouts.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/03/01/iranian_cyberattack_charges/