Four Iranian Hackers Charged With Cyberattacks On American Firms
Read also: Samourai Wallet founders charged with money laundering, German police shut down a DDoS-for-hire service, and more.
Four Iranian nationals charged with multi-year cyber campaign targeting US entities
The US authorities have charged four Iranian men for their alleged involvement in a multi-year hacking operation targeting government and private entities, including the US Department of Treasury and State, defense contractors, and several New York-based companies.
The accused were said to be part of a hacking organization that orchestrated coordinated computer intrusions from 2016 through April 2021. The group’s primary attack vectors included spearphishing and social engineering tactics, such as impersonation, to deceive and gain the trust of their victims, often impersonating individuals, particularly women, to deploy malware onto target computers and compromise accounts.
According to authorities, the hackers managed to compromise over 200,000 employee accounts in one instance and targeted 2,000 employee accounts in another. The four accused have been identified as Reza Kazemifar (he was tasked with testing tools for the group), Hossein Harooni (responsible for running the online network infrastructure used in the cyber intrusions), Komeil Baradaran Salmani (responsible for testing tools for spearphishing campaigns and maintaining infrastructure), and Alireza Shafie Nasab, whose role involved procuring infrastructure, including registering server and email accounts using false identities.
At present, all four defendants are on the loose. The US State Department has announced a reward of up to $10 million for information on the alleged hackers and two Iran-based front companies.
Founders of Samourai Wallet cryptomixer accused of laundering over $100M in cybercrime proceeds
The founders and CEO of the mobile cryptocurrency-mixing wallet known as ‘Samourai Wallet’ have been apprehended and charged with offenses related to their cryptocurrency-mixing service. Keonne Rodriguez and William Lonergan Hill have been accused of conspiracy to commit money laundering and operate an unlicensed money-transmitting business.
The authorities allege that the defendants were involved in the development, marketing, and operation of a cryptomixer, which executed over $2 billion in illegal transactions and helped to launder over $100 million obtained via illegal activities, including the criminal proceeds from underground markets such as Silk Road and Hydra Market, web-server intrusions and spearphishing operations, as well as schemes aimed at defrauding multiple decentralized finance protocols.
In cooperation with Iceland’s law enforcement, authorities seized Samourai’s web servers and domain. A seizure warrant for Samourai’s mobile application was executed on the Google Play Store.
If found guilty, both Rodriguez and Hill could face up to 25 years in prison for their crimes.
A botnet operator indicted for a cybercrime spree in the United States
A Moldovan national has been indicted by a federal grand jury in Pittsburgh for a series of computer fraud crimes, aggravated identity theft, and conspiracy to commit wire fraud. The nine-count indictment targets Alexander Lefterov, also known as “Alipako,” “Uptime,” and “Alipatime.”
According to the indictment, Lefterov and his co-conspirators created and operated a botnet comprising thousands of compromised computers scattered throughout the United States.
The hackers pilfered victims’ login credentials, comprising usernames and passwords, from the hijacked computers. They then used the stolen credentials to infiltrate victim accounts at financial institutions, payment processors, and retail stores to siphon money from unsuspecting victims. Lefterov and his allies also rented the botnet to other cybercriminals, granting them access to compromised systems, and helped spread malware, including ransomware.
Lefterov is charged with conspiracy to commit computer fraud, unauthorized access to a protected computer to obtain information for financial gain, and conspiracy to commit wire fraud, each carrying a maximum penalty of five years in prison. Additionally, the intentional damage to a protected computer offense carries a maximum penalty of 10 years in prison.
German police shut down the Stresser.tech DDoS-for-hire service
German law enforcement, in collaboration with international partners, shut down a DDoS-for-hire service named Stresser.tech. The operation was part of the ongoing “PowerOFF” initiative, aimed at dismantling internet services that facilitate distributed denial-of-service (DDoS) attacks.
The Saxon police together with a US investigative authority have dismantled Stresser.tech’s infrastructure. The platform allowed cybercriminals to purchase DDoS attacks, enabling them to overload targeted websites with traffic from numerous computers.
One notable incident occurred on September 28, 2023, when the website of the Saxon police fell victim to a DDoS attack initiated through the Stresser.tech platform. The attack, which lasted approximately half an hour, rendered both the Saxon police’s website and the online watch service unavailable.
In other news, the Dutch police apprehended two individuals suspected of launching multiple DDoS attacks on a local company, causing over €150,000 in damage.
Ukrainian police bust a scam center that defrauded Czech citizens
Ukrainian law enforcement authorities have dismantled a fraudulent call center operating in Odessa that targeted citizens of the Czech Republic, causing approximately 5.5 million hryvnias (~139,000) in losses.
The scammers used virtual telephony services, masking their numbers, and targeted victims, posing as officials from the state banking regulatory authority.
During the calls, they coerced victims into providing remote access to their phones or computers or divulging their bank card details, subsequently transferring funds to accounts under their control. The stolen funds were then converted into cryptocurrency or laundered through purchases of luxury vehicles and real estate. The police conducted a series of raids, resulting in the arrest of nine suspects and the seizure of computers and mobile phones containing evidence of criminal activity. The suspects were charged with large-scale fraud. They face up to twelve years of imprisonment, along with the confiscation of their assets.
In other news, a joint effort involving the Spanish police, Europol and the Spanish Attaché Office in Romania has dismantled an international criminal syndicate specializing in online scams. The organization, based in Romania, sent members to Spain to obtain Spanish telephone cards and open bank accounts using stolen identities. These accounts were then used to carry out various online scams, including vehicle sales and property rentals.
Over 200 victims have been identified in Spain alone, with additional victims found in Poland and France. Nine individuals have been arrested and charged with crimes including criminal organization, fraud, and money laundering.