The United States (US) has accused hackers sponsored by Iran of launching disruptive cyberattacks on American companies, including healthcare providers and transportation firms. Furthermore, on Thursday, the US announced criminal charges against two Iranian hackers for launching a cyber disinformation campaign to interfere in the 2020 presidential election.
On Wednesday, the US Cyber and Infrastructure Security Agency (CISA) released a report highlighting “ongoing malicious cyber activity” by groups affiliated with the Iranian government. The report was a joint “analytic effort” by the US Federal Bureau of Investigation (FBI), CISA, the United Kingdom, and Australia.
The report accused “Iranian government-sponsored actors” of targeting critical US and Australian infrastructure sectors. The report also categorised the hackers as an Advanced Persistent Threat (APT), which refers to any state-sponsored actor that gains unauthorised access to a computer network.
CISA said the APT actors are “focused on exploiting known vulnerabilities rather than targeting specific sectors” and are exploiting these vulnerabilities by “follow-on operations, such as data exfiltration or encryption, ransomware, and extortion.” The report also noted that cyberattacks by Iranian APTs have surged since March 2021.
Today, the #FBI, @TheJusticeDept, and our partners announced the indictment of Seyyed Mohammad Hosein Musa Kazemi and Sajjad Kashian, two Iranians who allegedly tried to interfere with the 2020 U.S. presidential election. https://t.co/lBkelrKQAu pic.twitter.com/UodEgSjiJS
— FBI (@FBI) November 18, 2021
A Day after the report was released, the US Justice Department announced criminal charges against two Iranians for meddling in the 2020 presidential election. A statement released by the Justice Department on Thursday noted that the Iranian nationals were indicted for their “involvement in a cyber-enabled campaign to intimidate and influence American voters [and] undermine voter confidence and sow discord.”
The Iranians were further accused of obtaining “confidential US voter information” from state websites and “intimidating” voters by sending them “threatening” emails. They also sent Facebook messages claiming to be members of the far-right group Proud Boys to Republican members of Congress and ex-President Donald Trump’s campaign. The statement added: “The emails were sent to registered Democrats and threatened the recipients with physical injury if they did not change their party affiliation and vote for President Trump.”
On Thursday, the US Treasury Department imposed sanctions on “six Iranian individuals and one Iranian entity” for “attempting to influence the 2020 US presidential election.” The Treasury accused Iranian actors of “trying to sow discord and undermine voters’ faith in the US electoral process” through “cyber-enabled intrusions.”
It noted that between August and November 2020, “state-sponsored Iranian cyber actors” launched an online operation to spread disinformation about the US electoral process. “However, the actors’ ability to leverage this unauthorised access was ultimately thwarted by the FBI,” the statement added.
Experts have noted that Iranian cyberattacks, unlike those sponsored by North Korea, are not designed to generate revenue; instead, they are meant to propagate disinformation and harass enemies. Crowdstrike, an American cybersecurity firm, considers Iran to be a “trendsetter” in this new form of cyberattacks, which are “less visible, less costly, and provides more room for deniability.”