The United States recently took action against Iranian nationals who attempted to interfere in the 2024 and 2020 presidential elections. On September 27, 2024, the Department of the Treasury’s Office of Foreign Assets Control designated seven people for engaging in a variety of malicious cyber activities committed on behalf of Iran’s Islamic Revolutionary Guard Corps (“IRGC”), a group that was designated by the United States as a foreign terrorist organization in 2019. The designations include Masoud Jalili, an IRGC member who allegedly worked with others to compromise email accounts belonging to 2024 U.S. presidential campaign officials and advisors, and then leaked the information to the media in an attempt to undermine U.S. election processes. According to OFAC, Jalili also engaged in a spear-phishing campaign in 2022, in an attempt to compromise the personal accounts of former U.S. officials.
OFAC also designated six employees of Iranian cybersecurity company Emennet Pasargad for attempting to interfere in the 2020 U.S. presidential election by conducting an online operation to intimidate and influence American voters between August and November 2020. Emennet Pasargad (formerly known as Net Peygard Samavat Company) was designated by OFAC in 2019 for supporting the IRGC Electronic Warfare and Cyber Defense Organization, and then again in 2021 for efforts to influence the 2020 U.S. presidential election. The new designations were imposed pursuant to Executive Order 13848 for acting on behalf of the IRGC or Emennet Pasargad, persons whose property and interests in property were blocked pursuant to EO 13848.
On the same day, the U.S. Department of Justice announced that it unsealed an indictment charging three IRGC employees – Jalili, Seyyed Ali Aghamiri, and Yaser Balaghi – for their roles in a widespread hacking conspiracy intended to compromise the personal accounts of individuals associated with U.S. political campaigns, including current and former officials, members of the media, and nongovernmental organizations. According to the indictment, the hacking campaign began in or around January 2020 for the purpose of eroding confidence in the U.S. electoral process and to avenge the death of Qasem Soleimani, the former commander of the IRGC-Qods Force (“IRGC-QF”). The conspiracy allegedly included a “hack-and-leak” operation in which the conspirators shared stolen campaign materials with the media in order to deliberately undermine U.S. presidential campaigns. According to the DOJ, all three co-conspirators were charged for providing material support to a designated foreign terrorist organization and other federal crimes, including conspiracy to commit identity theft; aggravated identity theft; access device fraud; unauthorized access to computer to obtain information from a protect computer; unauthorized access to defraud and obtain a thing of value; and wire fraud while falsely registering domains.
On September 27, 2024, the Federal Bureau of Investigation also added Jalili, Aghamiri and Balaghi to its Most Wanted list. According to the listing, the Department of State’s Rewards for Justice program is offering up to $10 million for information related to the “Three Iranian Cyber Actors” who engaged in a hack-and-leak operation designed to influence the 2024 U.S. presidential election.
U.S. Department of Treasury Press Release | DOJ Press Release | Indictment | U.S. Department of State Press Statement | FBI Most Wanted