US Charged Three IRGC-Linked Iranian Nationals for Election Interference and Cybercrimes

• The U.S. charged three Iranian nationals and offered a substantial reward for information on the accused or associated entities.
• The individuals’ cybercriminal activities are reportedly part of the IRGC's efforts to manipulate the American public.
• They face several counts, including identity theft and unauthorized computer access.

The U.S. unsealed charges against three Iranian nationals who are allegedly affiliated with the Islamic Revolutionary Guard Corps (IRGC). The three individuals face 18 counts, including conspiracy to commit identity theft, aggravated identity theft, and unauthorized computer access.

The Department of Justice (DoJ) accuses Masoud Jalili, Seyyed Ali Aghamiri, and Yasar Balaghi of engaging in cyber activities that aim to undermine the U.S. electoral process and steal sensitive data from current and former officials.

The Iranian operatives have been charged with hacking into accounts belonging to U.S. officials, media members, and campaign-connected individuals. Their activities are reportedly part of a larger IRGC effort to erode trust in U.S. democratic processes and avenge Qasem Soleimani's death.

The indictment outlines the usage of spear-phishing and social engineering tactics to infiltrate and manipulate victim accounts. Fake personas and spoofed login pages were employed to harvest credentials. 

A $10 million reward is offered for information on the accused or associated entities. The U.S. Treasury has imposed sanctions on seven individuals tied to related cyber activities.

The U.S. State Department identified six IRGC-linked Iranian security officials reportedly responsible for the cyberattacks on U.S. water utilities in 2023.

This month, Sweden named the Iranian Anzu group as the orchestrator of a cyberattack targeting a local text messaging service related to the 2023 Quran-burning incidents, saying it allegedly operated under the aegis of IRGC.

The IRGC has been linked with various groups, such as APT33, which targeted the U.S. and U.A.E. with a new custom multi-stage backdoor.

Another Iranian state-backed threat actor was also associated with IRGC – APT42, which targets high-profile accounts of both political campaigns connected to the upcoming U.S. presidential election.