Iranian Hacker Group Posed Threat to US Midterms

US media report­ed in the runup to the US midterm elec­tions that an Iran­ian hack­er group was pos­ing a threat. Accord­ing to the report, the group oper­ates from the Iran­ian cyber­se­cu­ri­ty firm Emen­net Pasar­gad on behalf of the Iran­ian government:

Oct 28, 2022 With the 2022 midterms now just days away, there are con­cerns that for­eign actors could be work­ing to under­mine the U. S. elec­tions process. This month, the FBI warned that an Iran­ian gov­ern­ment-tied hack­er group that pre­vi­ous­ly tried to inter­fere in the 2020 elec­tion is cur­rent­ly active, and could pose a seri­ous threat. The group is believed to oper­ate from the Iran­ian cyber­se­cu­ri­ty firm Emen­net Pasar­gad, and the group works at the behest of Tehran. The group has con­duct­ed a num­ber of hack-and-leak cyber oper­a­tions against Israeli inter­ests, but also hacks orga­ni­za­tions and leaks poten­tial­ly sen­si­tive mate­r­i­al online using made-up “hack­tivist” per­sonas via social media. It also used many of those same tech­niques to tar­get U. S. enti­ties dur­ing the 2020 Pres­i­den­tial elec­tion. The group is believed to be behind a cam­paign that was meant to intim­i­date and influ­ence Amer­i­can vot­ers, and oth­er­wise under­mine vot­er con­fi­dence and sow dis­cord. Though Tehran denied involve­ment in the cam­paign to influ­ence the out­come of the 2020 elec­tion, the U. S. Depart­ment of Jus­tice (DOJ) sub­se­quent­ly charged two Iran­ian nation­als for their efforts to com­pro­mise vot­er reg­is­tra­tion in 11 states. In 2021, the Depart­ment of the Trea­sury also sanc­tioned the Iran­ian firm, along with six Ira­ni­ans affil­i­at­ed with it. Accord­ing to the DOJ, the two indi­vid­u­als, Seyyed Moham­mad Hosein Musa Kaze­mi and Saj­jad Kashi­an, obtained con­fi­den­tial U. S. vot­er infor­ma­tion from at least one state elec­tion web­site; sent threat­en­ing email mes­sages to intim­i­date and inter­fere with vot­ers; cre­at­ed and dis­sem­i­nat­ed a video con­tain­ing dis­in­for­ma­tion about pur­port­ed elec­tion infra­struc­ture vul­ner­a­bil­i­ties; attempt­ed to access, with­out autho­riza­tion, sev­er­al states’ vot­ing-relat­ed web­sites; and suc­cess­ful­ly gained unau­tho­rized access to a U. S. media company’s com­put­er net­work. The pair is believed to have car­ried out their efforts between August and Novem­ber 2020.

Read the rest here.

In Feb­ru­ary, the Glob­al Influ­ence Oper­a­tions Report (GIOR) report­ed that the State Depart­ment was offer­ing was $10 mil­lion reward for infor­ma­tion on two hack­ers who alleged­ly par­tic­i­pat­ed in an Iran­ian state-spon­sored cyber oper­a­tion tar­get­ing the 2020 US pres­i­den­tial election.