Alireza Shafie Nasab, an Iranian national, and his associates Hossein Harooni, Reza Kazemifar, and Komeil Baradaran Salmani have been identified as threat actors involved in a significant cyber-enabled campaign. This group has targeted both U.S. government and private entities, including the U.S. Departments of Treasury and State, defense contractors, and two New York-based companies. The indictment against these individuals was unsealed in Manhattan federal court, revealing their alleged involvement in these malicious activities. Notably, this is not Nasab's first charge; he was previously indicted for similar conduct on February 29, and he remains at large.
The four threat actors are accused of executing a malware operation that used spear-phishing and other hacking techniques to compromise hundreds of thousands of corporate employee accounts. During their employment with MASN, Nasab and Rahman specifically targeted U.S. entities. Each individual had distinct roles in the phishing campaigns, such as procuring online infrastructure for typosquatted domains used to harvest credentials and testing the application used to manage phishing campaigns, which they dubbed "Dandelion." This application monitored which victims clicked on malicious hyperlinks, often baited by Tehran hackers posing as women on social media.
Despite the severity of their alleged crimes, the defendants are unlikely to face jail time because of their current fugitive status. Harooni, Kazemifar, Salmani, and Nasab all remain at large, evading capture and prosecution. Their ongoing evasion presents a continued threat, particularly to U.S. government and private entities. As such, efforts to apprehend and neutralize these threat actors should remain a high priority.
Description last updated: 2024-05-05T10:24:05.154Z