The U.S. Department of Justice has unsealed an indictment against an Iranian national, Alireza Shafie Nasab, for his alleged involvement in a cyber-enabled campaign targeting U.S. governmental and private entities. The campaign, spanning from 2016 to April 2021, aimed to compromise sensitive information from more than a dozen entities, including government departments, defense contractors, and New York-based companies. Nasab, purportedly posing as a cybersecurity specialist for Mahak Rayan Afraz, orchestrated spear-phishing attacks and deployed malware to infect over 200,000 devices, many containing classified defense information.
Nasab faces charges including conspiracy to commit computer fraud, wire fraud, and aggravated identity theft, potentially resulting in a maximum sentence of 47 years in prison if convicted. Despite being at large, the U.S. State Department has offered a reward of up to $10 million for information leading to his identification or location. Mahak Rayan Afraz, Nasab’s alleged employer, was previously identified as a Tehran-based firm linked to the Islamic Revolutionary Guard Corps (IRGC), Iran’s armed force.
This indictment underscores the persistent threat posed by cyber adversaries targeting critical infrastructure and sensitive information in the United States. Nasab’s alleged involvement in spear-phishing campaigns and malware deployment highlights the sophisticated tactics employed by cybercriminals to infiltrate organizations and steal classified data. The collaboration between government agencies and private entities remains crucial in identifying and prosecuting individuals involved in cybercrime activities.
