The US Department of Justice has announced that three Iranian nationals have been indicted on charges of hacking US aerospace and satellite companies.
The accused are Said Pourkarim Arabi, Mohammad Reza Espargham, and Mohammad Bayati, who, according to the indictment, ran a years-long hacking campaign on behalf of the Iranian government.
The campaign started in July 2015 and targeted a broad spectrum of victim organizations in the US and abroad, stealing commercial information and intellectual property from them.
According to the court documents, the three created fake online profiles and email accounts to pose as individuals, usually US citizens, working in the satellite and aerospace fields.
Using email sent from these fake identities, they contacted people at the organizations they wanted to target and tried to get the recipients to click a link in the message that led to a malware payload.
Prosecutors stated that the group chose its targets from a list of 1,800 online accounts belonging to individuals associated with aerospace and satellite companies, and even government organizations. The 1,800 individuals were located in countries including Australia, Israel, Singapore, the US, and the UK.
The FBI, which investigated these intrusions, said that after infecting victims the hackers used tools such as Metasploit, Mimikatz, NanoCore, and a generic Python backdoor to search victim devices for valuable data and to keep a foothold on the systems for future access.
According to US officials, the group was led by Arabi, a 34-year-old whom they identified as a member of Iran's Islamic Revolutionary Guard Corps (IRGC), the country's de facto intelligence service. He lived in IRGC housing and listed past hacks, including intrusions into US and UK companies, on his resume.
The second member, Espargham, is best known for his work as a white-hat security researcher. He built a career as a bug hunter, disclosed numerous security vulnerabilities, and is currently part of the OWASP Foundation, a prominent organization in the cyber-security field.
But US officials stated that Espargham also allegedly lived a double life as a black-hat hacker: he led the Iranian Dark Coders Team, a group of website defacers, and used nicknames such as "Reza Darkcoder" and "M.R.S.CO."
It is not known how Arabi recruited Espargham, but the two began working together to breach aerospace and satellite companies. Espargham supplied Arabi with malware and assisted in the intrusions, and also created a tool named VBScan that scans vBulletin forums for vulnerabilities.
The third hacker, Bayati, supplied the group with malware for its intrusions.
The three remain at large in Iran and have been added to the FBI's Cyber Most Wanted list.