US Charged Three IRGC-Linked Iranian Nationals for Election Interference and Cybercrimes

Published on September 30, 2024
Written by:
Lore Apostol
Infosec Writer & Editor

The U.S. unsealed charges against three Iranian nationals who are allegedly affiliated with the Islamic Revolutionary Guard Corps (IRGC). The three individuals face 18 counts, including conspiracy to commit identity theft, aggravated identity theft, and unauthorized computer access.

The Department of Justice (DoJ) accuses Masoud Jalili, Seyyed Ali Aghamiri, and Yasar Balaghi of engaging in cyber activities that aim to undermine the U.S. electoral process and steal sensitive data from current and former officials.

The Iranian operatives have been charged with hacking into accounts belonging to U.S. officials, media members, and campaign-connected individuals. Their activities are reportedly part of a larger IRGC effort to erode trust in U.S. democratic processes and avenge Qasem Soleimani's death.

The indictment outlines the use of spear-phishing and social engineering tactics to infiltrate and manipulate victim accounts. Fake personas and spoofed login pages were employed to harvest credentials.

Iranian Cyber Actors - Seyyed Ali Aghamiri (L), Yasar Balaghi (C), and Masoud Jalili (R) | Source: FBI

A $10 million reward is offered for information on the accused or associated entities. The U.S. Treasury has imposed sanctions on seven individuals tied to related cyber activities.

The U.S. State Department identified six IRGC-linked Iranian security officials reportedly responsible for the cyberattacks on U.S. water utilities in 2023.

This month, Sweden named the Iranian Anzu group as the orchestrator of a cyberattack targeting a local text messaging service related to the 2023 Quran-burning incidents, saying it allegedly operated under the aegis of the IRGC.

The IRGC has been linked with various groups, such as APT33, which targeted the U.S. and U.A.E. with a new custom multi-stage backdoor.

Another Iranian state-backed threat actor associated with the IRGC is APT42, which targets high-profile accounts of both political campaigns connected to the upcoming U.S. presidential election.


