[TheRecord] US charges Iranian hackers for spoofed Proud Boys emails threatening US voters

The US Department of Justice today charged two Iranian nationals with attempting to undermine and influence the 2020 US Presidential Election through a series of hacks and influence operations carried out between September and November 2020.

The two suspects, Seyyed Mohammad Hosein Musa Kazemi (24) and Sajjad Kashian (27), stand accused of a list of crimes, detailed below:

Hacked the voter websites for 11 US states – In September and October 2020, members of the conspiracy conducted reconnaissance on, and attempted to compromise, approximately eleven state voter websites, including state voter registration websites and state voter information websites. Those efforts resulted in the successful exploitation of a misconfigured computer system of at least one US state, from where they stole information on more than 100,000 voters, including non-public data.

Contacted Republican party members with fake videos of Democrats’ election fraud – In October 2020, members of the conspiracy, claiming to be a “group of Proud Boys volunteers,” sent Facebook messages and emails (the “False Election Messages”) to Republican Senators, Republican members of Congress, individuals associated with the Presidential campaign of Donald J. Trump, White House advisors, and members of the media. The False Election Messages claimed that the Democratic Party was planning to exploit “serious security vulnerabilities” in state voter registration websites to “edit mail-in ballots or even register non-existent voters.” The False Election Messages were accompanied by a video (the “False Election Video”) carrying the Proud Boys logo, which purported, via simulated intrusions and the use of State-1 voter data, to depict an individual hacking into state voter websites and using stolen voter information to create fraudulent absentee ballots through the Federal Voting Assistance Program (FVAP) for military and overseas voters.

Posed as right-wing group Proud Boys, and sent emails threatening Democrat voters to vote for Trump – Also, in October 2020, the conspirators engaged in an online voter intimidation campaign involving the dissemination of a threatening message (the “Voter Threat Emails”), purporting to be from the Proud Boys to tens of thousands of registered voters, including some voters whose information the conspiracy had obtained from State-1’s website. The emails were sent to registered Democrats and threatened the recipients with physical injury if they did not change their party affiliation and vote for President Trump.

Hacked a US media company – On November 4, 2020, the day after the 2020 US Presidential election, the conspirators sought to leverage earlier September and October 2020 intrusions into an American media company’s (Media Company-1) computer networks. Specifically, on that day, the conspirators attempted to use stolen credentials to again access Media Company-1’s network, which would have provided them another vehicle for further disseminating false claims concerning the election through conspirator-modified or created content. However, because of an earlier FBI victim notification, Media Company-1 had by that time mitigated the conspirators’ unauthorized access, and these log-in attempts failed.

The suspects worked for an Iranian cybersecurity firm

According to court documents, the two suspects conducted their operations while they were employed by an Iranian cybersecurity firm named Eeleyanet Gostar (formerly Emennet Pasargad).

The DOJ said the company is a cybersecurity contractor for the Iranian government.

Besides today's charges, the US Treasury Department has also sanctioned the two suspects, along with their employer.

Kazemi and Kashian are still at large and are believed to be located in Iran. The two were also added to the FBI’s cyber most wanted list, and the US State Department has offered a reward of up to $10 million for information about their whereabouts or information that may lead to an arrest.

The post US charges Iranian hackers for spoofed Proud Boys emails threatening US voters appeared first on The Record by Recorded Future.
