Iranians Charged in Cyberattacks Against U.S. 2020 Election

The State Department has offered a $10M reward for tips on the two Iran-based threat actors accused of voter intimidation and disinformation.

The U.S. Department of Justice has unsealed charges against two Iranian nationals for cyberattacks against the U.S. 2020 presidential campaign, and there’s a $10 million reward offered for information on their activities.

The two men, Seyyed Mohammad Hosein Musa Kazemi and Sajjad Kashian, allegedly stole voter information and engaged in intimidation and disinformation aimed at undermining confidence in the election, according to a newly unsealed indictment.

The Department of Justice identified the two as contractors for Iran-based cybersecurity company Emennet Pasargad, formerly Eleyanet Gostar, reportedly a known vendor for the Iranian government.

Kazemi and Kashian allegedly breached at least one state election website and attempted to access 11 others, sent threatening emails to voters, distributed a disinformation video about election infrastructure vulnerabilities, and gained access to a U.S. media company’s network, according to law enforcement.

“As alleged, Kazemi and Kashian were part of a coordinated conspiracy in which Iranian hackers sought to undermine faith and confidence in the U.S. presidential election,” U.S. Attorney Damian Williams for the Southern District of New York said in a statement. “Working with others, Kazemi and Kashian accessed voter information from at least one state’s voter database, threatened U.S. voters via email, and even disseminated a fictitious video that purported to depict actors fabricating overseas ballots.”

Proud Boys Posers

According to the indictment, the two sent Facebook messages and emails purportedly from a “group of Proud Boys volunteers” to Republican Senators, Republican Congressional members and individuals working inside the Donald Trump Presidential Campaign. The messages conveyed false warnings that the Democrats planned to “edit mail-in ballots or even register non-existent voters,” the indictment said.

The emails also contained a video called the “False Election Video” emblazoned with the Proud Boys logo, attempting to show how electronic voting information might be tampered with in an effort to sow discord in the run-up to the 2020 U.S. presidential election.

Kazemi and Kashian are accused of breaching a media company’s network to gain control and to distribute additional election disinformation on election day.

The two, along with two additional leaders of Emennet Pasargad, face personal sanctions through the U.S. Department of Treasury. The Department of State is also offering a $10 million reward for information about Kazemi or Kashian.

The two remain out of American law enforcement’s reach in Iran, which doesn’t have an extradition agreement with the United States.

The Iranian government widely uses cyberattacks against U.S. interests. Last summer, the Iranian Revolutionary Guard reportedly launched a catfishing attack against a defense contractor. In October, another Iranian group targeted U.S. and Israeli defense technology companies with password-spraying attacks.

And just days ago, the Cybersecurity and Infrastructure Security Agency (CISA) joined with the Australian Cyber Security Centre (ACSC) and the UK’s National Cyber Security Centre (NCSC) to issue an alert that Iranian state actors were exploiting known Fortinet and Microsoft Exchange vulnerabilities to breach networks and launch attacks.

This latest accusation of election tampering is yet another show of strength by the United States in its ongoing cyberwar with Iran.

“The United States will never tolerate any foreign actors’ attempts to undermine our free and democratic elections,” Williams added. “As a result of the charges unsealed today, and the concurrent efforts of our U.S. government partners, Kazemi and Kashian will forever look over their shoulders as we strive to bring them to justice.”
