The U.S. Department of Justice (DoJ) has unsealed an indictment against two individuals linked to Iran’s Islamic Revolutionary Guard Corps (IRGC) for their roles in a computer intrusion campaign. The actors, Hossein Harooni and Reza Kazemifar, are charged with using cyber operations to steal sensitive U.S. military information to support physical, kinetic targeting operations.
Details of the Cyber Espionage Campaign
According to the indictment, Harooni and Kazemifar conducted a multi-year campaign targeting cleared U.S. defense contractors (CDCs) and a U.S.-based non-governmental organization. The operation relied on social engineering and spearphishing tactics to gain initial access to victim networks. The actors created a fraudulent company named “IT R&D Solutions” and posed as recruiters on social media platforms to lure their targets.
Once inside the networks, the conspirators used a custom PowerShell script named ‘Get-Information’ to identify and steal sensitive data. The stolen information included details about the U.S. Air Force’s fleet of over 5,000 aircraft and an Unmanned Aerial Vehicle (UAV) program. The exfiltrated data was then transferred to accounts controlled by the threat actors.
From Cyber Intrusion to Physical Threat
The stolen data was subsequently sold to the IRGC. This information was then used to create and sell a “targeting package” to a foreign entity. The express purpose of this package was to support a kinetic operation directed against U.S. individuals. This case represents a documented instance of cyber operations being directly leveraged to facilitate physical attacks, a practice known as cyber-enabled kinetic targeting.
The indictment charges Harooni and Kazemifar with conspiracy to commit computer intrusions, conspiracy to commit computer fraud, and conspiracy to commit wire fraud. U.S. officials stated that the case is a stark reminder of the global threat posed by Iran’s malicious cyber activities. The alleged actions involved breaking into the computer networks of American companies, stealing highly sensitive information, and selling that information to Iran for a foreign intelligence purpose.