Alireza Shafie Nasab

Threat Actor Profile (updated 3 months ago)
Alireza Shafie Nasab, an Iranian national, and his associates Hossein Harooni, Reza Kazemifar, and Komeil Baradaran Salmani have been identified as threat actors involved in a significant cyber-enabled campaign. The group targeted both U.S. government and private entities, including the U.S. Departments of Treasury and State, defense contractors, and two New York-based companies. The indictment against these individuals was unsealed in Manhattan federal court, revealing their alleged involvement in these malicious activities. Notably, this is not Nasab's first charge; he was previously indicted for similar conduct on February 29, but remains at large.

The four threat actors are accused of executing a malware operation that used spear-phishing and other hacking techniques to compromise hundreds of thousands of corporate employee accounts. During their employment with MASN, Nasab and Rahman specifically targeted U.S. entities. Each individual had a distinct role in the phishing campaigns, such as procuring online infrastructure for the typosquatted domains used to harvest credentials, or testing the application used to manage phishing campaigns, which they dubbed "Dandelion." This application monitored which victims clicked on malicious hyperlinks, often baited by Tehran hackers posing as women on social media.

Despite the severity of their alleged crimes, it is unlikely that the defendants will face jail time due to their current fugitive status. Harooni, Kazemifar, Salmani, and Nasab all remain at large, evading capture and prosecution. Their ongoing evasion presents a continued threat to cybersecurity, particularly for U.S. government and private entities. As such, efforts to apprehend and neutralize these threat actors should remain a high priority within the cybersecurity landscape.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Phishing
Iran
Malware
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
Masn | Unspecified | 2 | MASN, also known as Mehrsam Andisheh Saz Nik, is a threat actor identified as being associated with several Iranian Advanced Persistent Threat (APT) groups, including Tortoiseshell. This entity has been linked to a multi-year cyber campaign that targeted over a dozen U.S. companies and government en
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Alireza Shafie Nasab Threat Actor was read from the documents corpus below.
Source | Created At | Title
Flashpoint | 3 months ago | COURT DOC: Justice Department Charges Four Iranian Nationals for Multi-Year Cyber Campaign Targeting U.S. Companies
Securityaffairs | 3 months ago | US offers a $10M reward for information on four Iranian nationals
DARKReading | 3 months ago | Iran Dupes US Military Contractors, Gov't Agencies in Cyber Campaign
BankInfoSecurity | 3 months ago | US Pressures Iran Over Phishing Campaign Against Feds