US charges Iranian hackers for spoofed Proud Boys emails threatening US voters


The US Department of Justice has charged today two Iranian nationals of attempting to undermine and influence the 2020 US Presidential Election through a series of hacks and influence operations carried out between September and November 2020.

The two suspects, Seyyed Mohammad Hosein Musa Kazemi (24) and Sajjad Kashian (27) stand accused of a list of crimes, detailed below:

  • Hacked the voter websites for 11 US states – In September and October 2020, members of the conspiracy conducted reconnaissance on, and attempted to compromise, approximately eleven state voter websites, including state voter registration websites and state voter information websites. Those efforts resulted in the successful exploitation of a misconfigured computer system of at least one US state, from where they stole information on more than 100,000 voters, including non-public data.
  • Contacted Republican party members with fake videos of Democrats’ election fraud – In October 2020, members of the conspiracy, claiming to be a “group of Proud Boys volunteers,” sent Facebook messages and emails (the “False Election Messages”) to Republican Senators, Republican members of Congress, individuals associated with the Presidential campaign of Donald J. Trump, White House advisors, and members of the media. The False Election Messages claimed that the Democratic Party was planning to exploit “serious security vulnerabilities” in state voter registration websites to “edit mail-in ballots or even register non-existent voters.” The False Election Messages were accompanied by a video (the “False Election Video”) carrying the Proud Boys logo, which purported, via simulated intrusions and the use of State-1 voter data, to depict an individual hacking into state voter websites and using stolen voter information to create fraudulent absentee ballots through the Federal Voting Assistance Program (FVAP) for military and overseas voters.
  • Posed as right-wing group ProudBoys, and sent emails threatening Democrat voters to vote for Trump  Also, in October 2020, the conspirators engaged in an online voter intimidation campaign involving the dissemination of a threatening message (the “Voter Threat Emails”), purporting to be from the Proud Boys to tens of thousands of registered voters, including some voters whose information the conspiracy had obtained from State-1’s website. The emails were sent to registered Democrats and threatened the recipients with physical injury if they did not change their party affiliation and vote for President Trump.
ProudBoys-emailsImage: Proofpoint
  • Hacked a US media company – On November 4, 2020, the day after the 2020 US Presidential election, the conspirators sought to leverage earlier September and October 2020 intrusions into an American media company’s (Media Company-1) computer networks. Specifically, on that day, the conspirators attempted to use stolen credentials to again access Media Company-1’s network, which would have provided them another vehicle for further disseminating false claims concerning the election through conspirator-modified or created content. However, because of an earlier FBI victim notification, Media Company-1 had by that time mitigated the conspirators’ unauthorized access, and these log-in attempts failed.

The suspects worked for an Iranian cybersecurity firm

According to court documents, the two suspects conducted their operations while they were employed by an Iranian cybersecurity firm named Eeleyanet Gostar (formerly Emennet Pasargad).

The DOJ said the company is a cybersecurity contractor for the Iranian government.

Besides charges today, the US Treasury Department has also sanctioned the two suspects, along with their employer.

Emennet-Employees-Designated-Pursuant-to-EO-13848Image: US Treasury Department

Kazemi and Kashian are still at large, believed to be located in Iran. The two were also added to the FBI’s cyber most wanted list, and the US State Department has offered a reward of up to $10 million for information about their whereabouts or which may lead to an arrest.

FABI Kasemi most wanted poster

The post US charges Iranian hackers for spoofed Proud Boys emails threatening US voters appeared first on The Record by Recorded Future.

Article Link: US charges Iranian hackers for spoofed Proud Boys emails threatening US voters - The Record by Recorded Future