U.S. Charges Iranians With Hacking Trump Campaign
The indictment highlighted the heightened threat posed by hostile international actors — Iran, Russia and China chief among them — who hope to disrupt the U.S. election.
by https://www.nytimes.com/by/glenn-thrush, https://www.nytimes.com/by/david-e-sanger · NY Times
A federal grand jury in Washington has indicted three members of a cyberespionage unit associated with Iran’s Revolutionary Guards Corps for mounting wide-ranging attacks targeting politicians, officials and journalists that led to the hacking of the Trump campaign this summer.
The Iranians unleashed a barrage of malicious emails to a wide array of targets over the past four years, hoping to gain access to email accounts and databases. In 2024, the group, linked to Iranian military intelligence, sharpened its focus to undermine former President Donald J. Trump, whom they regard as their most implacable enemy, according to an indictment unsealed on Friday.
The attacks were “part of Iran’s continuing efforts to stoke discord, erode confidence in the U.S. electoral process and unlawfully acquire information related to former and current U.S. officials,” prosecutors wrote.
The hackers — identified in the indictment as Masoud Jalili, Seeyed Aghamiri and Yasar Balaghi — all live in Iran, making it unlikely they would face justice in an American courtroom. They have been charged with wire fraud, identity theft, providing material support to a terrorist organization and a variety of cybercrimes.
“The defendants’ own words made clear that they were attempting to undermine former President Trump’s campaign in advance of the 2024 U.S. presidential election,” Attorney General Merrick B. Garland said during a news conference.
The influence campaign described in the indictment suggests that Iran’s cyberskills and ambitions have expanded sharply in recent years, learning from techniques that Russia and China have mastered. It suggests rapid progress over the past 15 years, when Iran created its first “cybercorps,” partly in response to a successful American-Israeli breach into its nuclear production facility at Natanz, destroying hundreds of the country’s nuclear centrifuges.
In the 2016 election, Iran was barely capable of initiating a successful cyberattack, and in 2020, its interventions were clumsy. But by this June, it was able to provide people in President Biden’s camp “final prep” materials from the Trump campaign on the day of the first presidential debate, prosecutors said.
The indictment, while expected, highlighted the heightened threat posed by hostile international actors, using cyberattacks in hopes of disrupting the U.S. election and intimidating domestic dissidents abroad. But those three powers, Iran, Russia and China, partners in many arenas, are pursuing different strategies. Russia has been intervening on Mr. Trump’s behalf, intelligence officials say, while Iran has opposed him. China has not taken a clear side, but has worked to advance its interests more broadly.
From 2020 to May 2024, the three men named in the filing, all experienced hackers, targeted dozens of current and former officials at the White House, National Security Council, Defense Department, C.I.A. and a former U.S. ambassador to Israel — “apparently without success,” according to the 37-page indictment.
They also tried to compromise the account of at least two journalists as well as members of international nongovernmental organizations, think tanks based in Washington, foreign intelligence agencies, human rights groups, officials with Afghanistan’s government and United Nations personnel, mostly without success.
Iran’s mission to the United Nations has repeatedly denied the accusations. “The Iranian government neither possesses nor harbors any intent or motive to interfere in the United States presidential election,” it said in a statement last month when U.S. intelligence officials publicly accused Iran of hacking the Trump campaign.
The indictment did not identify the Trump campaign officials whose accounts had been hacked, but one person targeted was Susie Wiles, a senior adviser to the former president, according to someone familiar with the situation who spoke on the condition of anonymity to disclose details intended to be private.
Iran was able to infiltrate the Trump campaign after gaining access to the email accounts of a longtime political adviser, Roger J. Stone, in a type of breach that allows a hacker to infiltrate a circle of people by impersonating someone they communicate regularly with.
The material, stolen in what the government called a “hack-and-leak” operation, was sent to journalists at The New York Times and other outlets but was not widely published. The Times, and other news organizations, concluded that its publication was likely to serve the interests of the attackers. Even then, Iran was the lead suspect.
Iran’s hostility to Mr. Trump also includes an apparent effort to kill him, U.S. officials have said. Intelligence agencies have been tracking a potential Iranian assassination plot against Mr. Trump, and in August, the Justice Department charged a Pakistani man who had recently visited Iran with trying to hire a hit man to assassinate political figures, including the former president.
The hackers were motivated, in part, out of a desire to avenge the killing of Qasem Soleimani, the commander of the Quds Force of Iran in January 2020 in a drone attack approved by Mr. Trump. They also blame Mr. Trump for reimposing economic sanctions on Iran after he pulled out of the 2015 nuclear agreement, in which Iran agreed to give up 97 percent of its nuclear fuel and vastly reduce its capabilities to make more.
Soon after, the Iranian hackers began creating false online personas as a precursor to launching spear-phishing attacks, including targeting the spouse of a Supreme Court justice and prominent conservatives.
But Iran’s efforts intensified drastically this year, with a push to infiltrate Mr. Trump’s inner circle, obtain compromising internal communications and leak them to the news media and Democrats. The indictment documents detail those efforts, from May to August, starting with the successful attempt to engage Mr. Stone, followed by the steps the hackers took to gain access to email accounts of people in his trusted circle.
On June 27 — hours before President Biden’s fumbling debate performance against Mr. Trump, which ultimately led to his decision to drop out of the presidential race — the Iranians, using a false identity, reached out to people in Mr. Biden’s camp to offer up the stolen materials.
“I’m going to be pass some materials along to you that will be useful in defeating” Mr. Trump, one of the hackers wrote in an email that included the pilfered information in its body. “Read and be strong and ready or tonight.”
The Iranians seemed to be following the election so closely, they offered punditry, opining that the debate was Mr. Biden’s “last chance” — and accurately predicting that he would have to step aside if he foundered.
Mr. Garland would not comment on the Biden campaign’s subsequent actions, other than to say that it did not respond to the hackers, and that both the Harris and Trump campaigns have cooperated fully with the F.B.I.’s investigation.
“We’re not aware of any material being sent directly to the campaign — a few individuals were targeted on their personal emails with what looked like a spam or phishing attempt,” said Morgan Finkelstein, a spokeswoman for the Harris campaign.
In July, the Iranians began sending stolen vetting materials about Mr. Trump’s running mate JD Vance to reporters, and continued to extract internal communications from Trump-related accounts as recently as Aug. 12, according to the indictment.
“Let’s be clear what we’re talking about — attempts by a hostile foreign government to steal campaign information from one presidential candidate, and shop it around to that candidate’s opponent and the media,” Christopher A. Wray, the director of the F.B.I., said in a statement.
In coordination with the indictment, the State Department offered a reward of up to $10 million for information on the hackers, while the Treasury Department issued sanctions against the men.
Hours after the indictment was unsealed, prosecutors in Washington also charged a naturalized U.S. citizen from Iran, who once worked as a private contractor with the Federal Aviation Administration, with acting as an illegal foreign agent.
The man, Abouzar Rahmati, 42, who lives in Washington’s Virginia suburbs, is accused of providing Iranian intelligence officials with nonpublic details about the U.S. solar industry, along with information about airport radar systems and control towers.
Iranian intelligence officials appear to have been interested in “new ideas” that could be appropriated to improve Iran’s domestic infrastructure, according to the filing.
Maggie Haberman and Adam Goldman contributed reporting.