30 September 2024

US accuses three IRGC-linked Iranians of ‘hack-and-leak’ campaigns targeting presidential elections


The US Department of Justice (DoJ) indicted three Iranian nationals accused of orchestrating a ‘hack and leak’ scheme targeting both the Trump and Biden campaigns as part of an effort to influence the upcoming 2024 US presidential election. The three individuals, identified as Masoud Jalili (36), Seyyed Ali Aghamiri (34), and Yaser Balaghi (37), are believed to have been working on behalf of Iran’s Islamic Revolutionary Guard Corps (IRGC), which the US designated as a foreign terrorist organization in 2019.

The hacking campaign was not limited to the presidential candidates but also targeted current and former senior government officials, think tank personnel, journalists, activists, and lobbyists, the DoJ said. The group’s hacking activities reportedly began in 2019 and have continued through this year.

Jalili, Aghamiri, and Balaghi allegedly employed a wide range of hacking techniques, including spearphishing, social engineering, and spoofing login pages, to gain unauthorized access to their victims' accounts. As of May 2024, the conspirators shifted their focus to individuals associated with one of the US presidential campaigns, using the stolen information, including non-public campaign documents and emails, in a “hack-and-leak” operation aimed at undermining the campaign.

The wide-ranging cyber operations allegedly used virtual private networks (VPNs) and virtual private servers (VPSs) to obscure the attackers' locations, with fraudulent emails and spoofed login pages used to steal credentials and multi-factor authentication codes. While some attempts were successful, others were thwarted.

The charges against the three men include conspiracy to commit identity theft, wire fraud, unauthorized access to protected computers, and conspiracy to provide material support to a foreign terrorist organization. If convicted, they face penalties ranging from 12 to 27 years for multiple counts, as well as a mandatory minimum of two years for aggravated identity theft charges.

