On Thursday, the U.S. government unsealed an indictment charging two Iranian nationals with participating in a cyber-enabled disinformation and threat campaign aimed at undermining the integrity of the 2020 presidential election. The indictment alleges that they gained unauthorized access to confidential voter information from at least one state election website, a significant breach of the cybersecurity protections around the electoral process.
The individuals involved, identified as Seyyed Mohammad Hosein Musa Kazemi, 24, and Sajjad Kashian, 27, have been charged with multiple counts, including conspiracy to commit computer fraud and abuse, voter intimidation, and the transmission of interstate threats. Additionally, Kazemi faces charges of unauthorized computer intrusion. Notably, both are currently at large, which raises concerns about ongoing risks associated with their potential capabilities.
The Department of Justice (DoJ) characterized the defendants as experienced hackers situated in Iran, alleging that their operations were conducted while they were contractors for an Iranian firm named Emennet Pasargad. The campaign reportedly aimed to create public distrust in the U.S. electoral system and incite division among the American populace.
Between September and October 2020, Kazemi and Kashian allegedly attempted to breach nearly eleven state voter registration and information websites. They successfully exploited a misconfigured system in an undisclosed state, accessing sensitive information on over 100,000 voters. This data was reportedly used to forge “False Election Videos” that suggested the Democratic Party was orchestrating election fraud, thereby manipulating public perception during a critical electoral period.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) noted that the attackers likely employed methods such as exploiting website misconfigurations and utilizing scripting tools like cURL to facilitate their intrusion. The extracted records were incorporated into propaganda disseminated to various political and media entities.
Additionally, the defendants are accused of sending threatening emails with the intention of intimidating voters. They reportedly gained unauthorized access to an unspecified media company’s network using stolen credentials, aiming to spread misinformation post-election. Fortunately, these efforts were ultimately thwarted, as indicated by the DoJ’s announcements.
In a related matter, the Treasury Department’s Office of Foreign Assets Control (OFAC) has imposed sanctions on Kazemi, Kashian, and four other employees of Emennet Pasargad for their disruptive cyber operations against U.S. interests. The State Department has also offered a reward of up to $10 million for information about their activities or leading to their apprehension. This indictment follows an advisory issued by CISA and the FBI, which warned of Iranian actors aiming to influence U.S. elections through various disinformation tactics.
Recent alerts from cybersecurity agencies in the U.S., U.K., and Australia have highlighted ongoing threats from Iranian hacking groups. These groups are reportedly exploiting vulnerabilities within industries to exfiltrate sensitive data and deploy ransomware, making it imperative for organizations worldwide to bolster their defenses against similar attacks.