The US Department of Justice (DoJ) on Friday unsealed an indictment against an Iranian national for his alleged involvement in a multi-year cyber campaign aimed at compromising US government and private entities.

More than a dozen entities were reportedly targeted, including the U.S. Departments of Treasury and State, defense contractors that support U.S. Department of Defense programs, and an accounting firm and a hospitality company, both based in New York.

Alireza Shafie Nasab, 39, claimed to be a cybersecurity specialist for a company named Mahak Rayan Afraz while participating in a persistent campaign targeting the United States from at least 2016 until around April 2021.

“Alireza Shafie Nasab participated in a cyber campaign using spear phishing and other hacking techniques to infect more than 200,000 victim devices, many of which contained sensitive or classified defense information,” said U.S. Attorney Damian Williams of the Southern District of New York.

The spear phishing campaigns were managed through a custom application that allowed Nasab and his co-conspirators to organize and deploy their attacks.

In one case, the threat actors breached the email account of an administrator belonging to an unnamed defense contractor, then exploited this access to create malicious accounts and send spear-phishing emails to employees of another defense contractor and a consulting firm.

Outside of spear-phishing attacks, the conspirators posed as other people, usually women, to gain victims' trust and deploy malware on victims' computers.

Nasab, while working for the shell company, is allegedly responsible for acquiring the infrastructure used in the campaign using the stolen identity of a real person in order to register a server and email accounts.

He was charged with one count of conspiracy to commit computer fraud, one count of conspiracy to commit wire fraud, one count of wire fraud and one count of aggravated identity theft. If convicted on all counts, Nasab faces up to 47 years in prison.

While Nasab remains at large, the US State Department has announced monetary rewards of up to $10 million for information leading to the identification or location of Nasab.

Mahak Rayan Afraz (MRA) was first exposed by Meta in July 2021 as a Tehran-based company with ties to the Islamic Revolutionary Guard Corps (IRGC), the Iranian armed force charged with defending the country's revolutionary regime.

The business group, which also overlaps with Tortoiseshell, has previously been linked to elaborate social engineering campaigns, including posing as an aerobics instructor on Facebook in an attempt to infect the machine of an employee of an aerospace defense contractor with malware.

This development comes as German law enforcement announced the dismantling of Crimemarket, a German-speaking illicit trading platform with more than 180,000 users specializing in the sale of narcotics, weapons, money laundering and other criminal services.

Six people were arrested as part of this operation, including a 23-year-old man considered the main suspect. Authorities also seized cell phones, computer equipment, a kilo of marijuana, ecstasy tablets and 600,000 euros in cash.

