U.S. charges 3 Iranian hackers who allegedly targeted Trump campaign

Federal prosecutors have charged three Iranian hackers for allegedly targeting members of former President Donald Trump's presidential campaign as part of a "wide-ranging" malicious cyber scheme, according to a newly unsealed indictment. 

The three defendants — identified in the indictment as Masoud Jalili, Seyyed Ali Aghamiri and Yasar Balaghi — are all members of Iran's Islamic Revolutionary Guard Corps. Prosecutors said they executed a "wide-ranging hacking campaign that used spearphishing and social engineering techniques to target and compromise the accounts of current and former U.S. government officials, members of the media, nongovernmental organizations, and individuals associated with U.S. political campaigns."

The 37-page indictment, handed down by a grand jury in Washington, D.C., charges the men with 18 counts, including wire fraud, identity theft, conspiracy to provide material support to a terrorist organization and hacking conspiracy.

The charges mark an escalation in the federal government's work to combat Iran's alleged efforts to interfere in the 2024 presidential election. The State Department quickly offered a $10 million reward for information about the three defendants, and the Treasury Department unveiled new sanctions targeting seven people tied to the Iranian hacking effort.

Charging documents do not name the campaign the defendants allegedly targeted, but U.S. officials have said consistently that Iran is seeking to undermine Trump's bid for the White House. Context included in the indictment makes clear that the Trump campaign was the target of the recent efforts.

"There are few actors in this world that pose as grave a threat to the national security of the United States as does Iran," Attorney General Merrick Garland said Friday. "The message of the U.S. government is clear: the American people, not a foreign power, decide the outcome of our country's election."

The hacking allegations 

An FBI wanted poster shows the three defendants charged with targeting the Trump campaign on Friday, Sept. 27, 2024. FBI

The indictment laid out a sprawling cyber campaign in which the defendants sought to hack into American computers and steal data. The men worked to "stoke discord, erode confidence in the U.S. electoral process" and "advance the malign activities of the IRGC," the indictment alleged. 

Prosecutors said the hackers — all of whom reside in Iran — began their work as early as January 2020, after the U.S. killed Iranian General Qassem Soleimani in a drone strike in Baghdad. The hackers allegedly turned their sights to Trump's political campaign in May of this year. Investigators said they gained access to people associated with the campaign via spearphishing emails and stole private documents and emails, which they then tried to leak to the media and "individuals that the Conspirators believed were associated with" another presidential campaign.

The indictment does not name the other presidential campaign, but its description matches that of President Biden before he dropped out of the race. Garland said Friday that both campaigns cooperated with the investigation and there is no indication anyone from the Biden campaign replied to the hackers' messages. Multiple news outlets have also reported receiving confidential Trump campaign material that appeared to have been stolen.

A Harris-Walz campaign official told CBS News "the materials were not used."

Morgan Finklestein, a national security spokesperson for Harris' election bid, said in a statement that the campaign cooperated with the investigation.

"We're not aware of any material being sent directly to the campaign; a few individuals were targeted on their personal emails with what looked like a spam or phishing attempt," Finklestein said. "We condemn in the strongest terms any effort by foreign actors to interfere in U.S. elections including this unwelcome and unacceptable malicious activity. Broadly, we have robust cybersecurity measures in place, and personnel are trained to be vigilant against potentially malicious content."

Described in the indictment as skilled computer hackers with years of experience, the defendants worked for a paramilitary branch of Iran's IRGC known as the Basij. Prosecutors said they launched a years-long campaign to target the email accounts of current and former government officials, including those who worked for the White House, Justice Department, Pentagon and CIA. 

The indictment detailed the advanced methods the hackers allegedly used to target their American victims, including the deployment of static IP addresses, the creation of spoof login pages and the use of stolen multi-factor authentication codes to get access to information. In many cases, according to charging documents, the hackers used Iranian infrastructure to create fake U.S. email accounts to communicate with their victims and gain access to their files.

"After establishing their unauthorized access … the [defendants] made efforts to conceal their presence to maintain long-term, persistent access," investigators wrote. They "stole data and campaign material from the victim accounts … and, in some instances, later distributed stolen campaign materials."

On May 23, 2024, the Iranian hackers were said to have targeted Trump's campaign. By June, they had allegedly gained access to the email accounts of at least two unnamed individuals associated with the campaign. Later that month, on June 27, the defendants sent a message to the personal account of an individual they believed to be associated with the Biden campaign.

"I'm the one who has access to [Trump's campaign], but I hate [Trump] and strongly don't want to see his second term," the hackers allegedly wrote. "I'm going to pass some materials to you that would be useful to defeat him."

Investigators said the recipient of the email did not reply to the message. According to the indictment, other alleged attempts to contact the Biden campaign also went unanswered. 

Earlier this summer, on July 22, the Iranian hackers shifted their focus to members of the media in an attempt to deploy stolen campaign material about "potential vice presidential candidates." According to prosecutors, the alleged conduct continued into the following month. 

In a statement released Friday, FBI Director Christopher Wray characterized the activities as "attempts by a hostile foreign government to steal campaign information from one presidential candidate, and shop it around to that candidate's opponent and the media."

Iran and the 2024 election

The FBI launched investigations earlier this summer after people associated with the Trump and Biden campaigns were the targets of attempted phishing schemes, sources told CBS News in August.

Last week, federal officials with the FBI and other intelligence agencies released a statement confirming that "Iranian malicious cyber actors in late June and early July sent unsolicited emails to individuals then associated with President Biden's campaign that contained an excerpt taken from stolen, non-public material from former President Trump's campaign as text in the emails."

The statement went on to say that "Iranian malicious cyber actors have continued their efforts since June to send stolen, non-public material associated with former President Trump's campaign to U.S. media organizations. … Foreign actors are increasing their election influence activities as we approach November." 

Iran's United Nations mission previously denied it was interfering or launching cyberattacks in the U.S. presidential election, telling CBS News in a statement last week that "the Islamic Republic of Iran does not engage in the internal uproars or electoral controversies of the United States." The statement added that Iran "neither has any motive nor intent to interfere in the U.S. election; and, it therefore categorically repudiates such accusations."

Trump's campaign revealed last month that it had been hacked and said Iranian actors were involved in stealing and distributing sensitive internal documents to members of the press. 

FBI agents worked with both Google and Microsoft to dig into the apparent spearphishing attacks targeting those close to both presidential campaigns, according to two people familiar with the probe. A report published by Microsoft earlier this summer revealed Iran is evolving its tactics to affect the upcoming election.

Trump and former members of his administration have been targets of Iranian actors following the killing of Soleimani in 2020. Some former officials were given increased protection due to threats against their lives, and in July, federal prosecutors filed charges against a Pakistani national with ties to Iran for allegedly planning to assassinate American politicians, including possibly Trump. 

Iran is not the only foreign adversary that U.S. officials say is seeking to undermine the upcoming presidential election. Intelligence agencies have warned Russia and China have launched cyber campaigns of their own to sow chaos, with Russia allegedly seeking to damage Vice President Kamala Harris' bid for the White House. 

Speaking at an event hosted by the Atlantic Council on Thursday, Deputy Attorney General Lisa Monaco said the U.S. is "seeing more threat actors getting into the game" of election interference, fueled by advancements in artificial intelligence. 

The goal, according to Monaco, is to "sow discord, sow distrust in our election system and undermine confidence in our democratic process." 
