Three Iranian nationals suspected of working with the Islamic Revolutionary Guard Corps (IRGC) are accused of meddling in the US election and of carrying out cyber attacks, including hacking the accounts of US officials and distributing stolen information. They face 18 charges, and the US government has announced a reward of up to $10 million for information on their whereabouts.
According to the US Department of Justice, Masoud Jalili, Seyed Ali Aghamiri and Yasar Balaghi, who are part of the IRGC, participated in a conspiracy to hack the accounts of US officials and distribute the stolen data through the media and the campaigns of other candidates. The attacks began in January 2020, when the hackers used phishing and social engineering techniques to gain access to accounts. They also reportedly set up fake login pages and used stolen data to compromise other accounts.
IRGC operatives have also engaged in SMS spoofing and SIM swapping campaigns to bypass multi-factor authentication. They developed phishing pages targeting privileged accounts in cloud systems such as Microsoft Entra ID and AWS EC2. In addition, the attackers abused cloud platforms, including Azure administration consoles and other tools, to maintain continuous access to systems.
These actions are part of Iran’s long-term strategy to undermine confidence in the US election process and obtain sensitive information to advance its interests. The US Treasury also imposed sanctions on several Iranian nationals linked to these actions.