US charges Iran with hacking officials, including former ambassador to Israel

The US Department of Justice has charged Iran’s Revolutionary Guard Corps with hacking the email accounts of a former US ambassador to Israel and a diplomat involved in the Abraham Accords, reported the Haaretz.

These allegations were revealed in a federal indictment unsealed in Washington on Friday, which charges three Iranian nationals.

According to the indictment, the hacking operation also targeted former senior officials at the White House and the US Department of Defence. Additionally, a former deputy director of the CIA and several journalists were among those affected.

Three Iranian nationals, Masoud Jalili, Seeyed Aghamiri and Yasar Balaghi, are accused of being part of the cyber-espionage arm of Iran’s Revolutionary Guard, involved in “hack and leak” operations since 2018. The US Justice Department’s indictment, unsealed on Friday, alleges they accessed sensitive intelligence, some of which was leaked to the media. These charges are part of a broader Biden administration effort to combat foreign interference in US elections.

It comes after the Biden administration also accused Russia in September of using media outlets and social media influencers to spread disinformation. US Attorney-General, Merrick Garland, warned of similar efforts by Iran to influence the November 2024 election. The indictment further identifies the Iranian companies and infrastructure involved in the hacking, which targeted numerous individuals through spear-phishing.

Between January 2021 and May 2023, the defendants allegedly hacked into the devices of various targets, including Trump campaign members and former US officials with ongoing intelligence access. Notably, two email accounts belonged to a former senior State Department official involved in Middle East policy, while another belonged to a former US ambassador to Israel, now part of a think tank advising on Middle East policy.

According to the Haaretz, the identities of these former officials remain undisclosed.

Devices belonging to Iranian exiles and senior officials from organisations tied to the UAE, a regional rival of Iran, were also hacked. These attacks aimed to gather intelligence but, in some cases, sensitive information was leaked to the media to spread disinformation and influence public opinion.

Two months ago, US journalists were contacted by a person identifying as “Robert”, who shared insider details from Trump’s election campaign, including documents about his vice-presidential pick, JD Vance. Although the documents appeared authentic, the journalists declined to publish them, fearing a foreign influence operation similar to Russia’s interference in the 2016 election, when emails from Hillary Clinton’s campaign were leaked, later revealed to be part of a Russian intelligence operation.

Friday’s indictment links three Iranian hackers to the cyber attacks, with some evidence showing they accessed emails from four officials in one of the current presidential campaigns. Google’s Threat Analysis Group identified veteran Iranian hackers from APT42, a group known for targeting foreign policy and defence officials. This group, active for years, has also conducted hacks against Israel and gathered intelligence in the Arab world.

In 2022, Israel’s Check Point Software Technologies exposed APT42’s involvement in hacking Israeli officials, including former Foreign Minister, Tzipi Livni, and key military figures. The indictment marks the first public identification of individuals involved in these operations.

READ: Iran says its response to Israeli ‘crimes’ will come ‘at right time’