The US has identified three Iranians who allegedly hacked Donald Trump’s presidential campaign to steal confidential documents. On Friday, federal prosecutors unsealed an indictment against the three suspects for conducting a “wide-ranging hacking campaign” that targeted political campaigns, US government officials, and media groups starting in 2020. The three Iranians—Masoud Jalili, Seyyed Ali Aghamiri, and Yaser Balaghi—allegedly work for the country’s Islamic Revolutionary Guard Corps, which is part of the Iranian military. The trio have been working “to stoke discord, erode confidence in the US electoral process” and steal information from current and former US officials, the 37-page indictment claims.
Most recently, this includes breaching Trump’s campaign in June and then leaking the stolen campaign materials to the press. On Thursday, one of the documents, a research report on Trump’s VP nominee, JD Vance, was leaked online, which prompted X/Twitter to crack down on sharing the stolen material.
To pull off the hacks, the Iranians created fake email accounts to impersonate high-profile organizations and people, including current and former US government officials. “These persona accounts were designed to trick recipients of emails from the persona accounts into believing that they were interacting with a trusted or known source,” the indictment says. “In fact, the persona accounts were used to send spear phishing emails—that is, emails designed to further deceive the victim into clicking a link or opening an attachment that would download malware or navigate to a malicious website to compromise victim computers and accounts.”
The hacking activities targeted both the personal and official email accounts of “dozens of senior, current and former prominent public officials,” along with their aides and assistants. Officials targeted included those at the White House, NSA, Justice Department, CIA, and the Department of Defense, among others. It’s unclear how many of these hacking campaigns succeeded. But the indictment notes the three Iranians were able to successfully compromise “numerous persons and entities,” including a former official at the US State Department, a former Homeland Security advisor, and a former deputy director at the CIA, along with several other unnamed figures.
The indictment also hints that the Iranians hacked four officials with the Trump campaign, which is referred to as “US Presidential Campaign 1” in the document. This allowed the trio “to steal campaign material, including debate preparation material,” and documents about Trump’s potential vice-presidential candidates.
Using email, the Iranians then attempted to leak the stolen documents to the presidential campaign of Kamala Harris and to journalists. In a statement, FBI Director Christopher Wray noted: “While there’s no indication any of the recipients of the stolen campaign information replied, Iran’s intent was clear — to sow discord and shape the outcome of our elections.”
To evade detection, the Iranians used VPNs, which can reroute internet traffic through servers based in the US or other countries. Still, federal investigators were able to identify the hackers, according to the indictment, which includes photos of the suspects. The indictment suggests US law enforcement subpoenaed access to the fake email accounts used by the Iranians.
However, federal prosecutors didn’t call for the arrest of the three suspects, likely because they’re based in Iran. Instead, the State Department has issued a reward of up to $10 million for information on the three suspects. In addition, the Treasury Department announced it is sanctioning one of the suspects, Masoud Jalili, along with six other Iranians for allegedly trying to interfere in the 2024 and 2020 US presidential elections. The sanctions ban US businesses and persons from making business deals or transactions with any of the named Iranians.
About Michael Kan
Senior Reporter
I’ve been working as a journalist for over 15 years—I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017.