Arabi and the other two people are accused of using social engineering, rather than sophisticated hacking techniques, to steal sensitive information. Pretending to be employees at the companies, they would entice real staffers or associates to click links that would give the hackers access to private files.
In one email, according to the indictment, the hackers pretended to be a professor who needed satellite imagery for geographic research. In another, prosecutors said they pretended to have started their own satellite imagery company and offered to share the software.
Prosecutors say their target list, assembled in 2015, included more than 1,800 accounts. The hacks are alleged to have happened between that year and 2019.
A spokeswoman for a company that matches the description of one of the victims did not immediately return a request for comment.
“This case highlights the Islamic Revolutionary Guard Corps’ efforts to infiltrate the networks of American companies in search of valuable commercial information and intellectual property,” Assistant Attorney General for National Security John C. Demers said in a statement.
He noted that the case is the third brought this week against alleged Iranian hackers.
Prosecutors in Boston alleged that two men defaced websites with pro-Iran propaganda as retaliation for the January killing of Iranian military leader Qasem Soleimani in a U.S. drone strike.
One of the defaced websites belonged to a small federal library program.
Two others are accused in New Jersey of stealing “highly protected and extremely sensitive” confidential communications from universities, defense contractors, foreign policy organizations, nongovernmental organizations, nonprofits and the governments of Afghanistan and Saudi Arabia. Some of these attacks occurred during negotiations over the 2015 Iranian nuclear deal, according to prosecutors, and were directed by Iran’s leaders.
Prosecutors say the men also stole financial information from Americans, which they used to purchase software that improved their own operational security.
The Treasury Department took action as well, imposing sanctions on 45 Iranians accused of association with a government-backed hacking collective called APT39. The Federal Bureau of Investigation made public specific code used in some of the malware attacks in hopes of alerting potential victims.
Iran was also linked this year to an attempt to disrupt water supplies in Israel.
All of the accused are believed to be living in the Palestinian Authority or in Iran, which does not honor extradition requests from the United States.
Experts predicted a wave of cyberattacks after Soleimani’s death, saying Iran would probably see such attacks as a way to get back at the United States without triggering a major response. President Trump has approved cyberattacks in response to Iranian provocations, calling it “proportionate.”