The US Justice Department (DOJ) indicted three Iranian nationals on Friday, accusing them of orchestrating Iran’s alleged hack-and-leak operation aimed at disrupting Donald Trump’s presidential campaign. The charges reveal an extensive effort to compromise confidential data from current and former US government officials, with the objective of undermining public trust in the electoral process.
According to the indictment, the conspiracy began targeting the presidential campaign in May, following years of breaching the accounts of former government officials. The hackers utilized the same infrastructure to infiltrate personal accounts linked to the campaign, obtaining sensitive documents and emails. By June, the activities escalated into a “hack-and-leak” campaign, with the stolen material being weaponized to manipulate the political narrative and disrupt the election. The DOJ noted that the hackers even reached out to the Biden-Harris campaign, offering access to Trump’s debate preparation materials.
US Attorney General Merrick B. Garland stated in a press release that the DOJ is working tirelessly to thwart Iran’s cyberattacks that seek to incite discord, diminish confidence in democratic institutions, and influence US elections. “The American people – not Iran, or any other foreign power – will decide the outcome of our country’s elections,” he affirmed.
FBI Director Christopher Wray commented that the charges were the result of a comprehensive FBI investigation, which culminated in the indictment of the three Iranian nationals. He emphasized the brazen nature of Iran’s behavior and sent a clear message to the Iranian government and its hackers that they cannot hide behind their keyboards.
The indictment underscores that these activities are part of Iran’s ongoing efforts to sow discord, erode the integrity of the US electoral process, and unlawfully acquire information to support the Islamic Revolutionary Guard Corps (IRGC). The DOJ alleges that the hacking was, in part, retaliation for the death of Qasem Soleimani, a commander in the IRGC, who was killed by a US drone strike in January 2020. Since then, US officials have kept a close watch on several revenge plots.
The trio faces charges of conspiracy to steal information, wire fraud, identity theft, and providing material support to the IRGC, a designated foreign terrorist organization. However, whether they will face trial in the US remains uncertain, because certain countries frequently do not extradite cybercriminals.
Among those targeted was Ginni Thomas, a conservative activist and the wife of US Supreme Court Justice Clarence Thomas. The hackers impersonated her and sent spear-phishing emails to prominent Trump-connected figures, including a former homeland security adviser, between April and May 2024.
US intelligence officials caution that Iran’s tactics are not new. The same strategies aimed at fueling division and disrupting the 2020 presidential election are being replayed. In a joint statement on September 18, the ODNI, FBI, and CISA warned that “foreign actors” are ramping up their election interference efforts as November approaches. They noted that Russia, Iran, and China are trying to exploit divisions in US society for their gain and view election periods as times of vulnerability. The officials stressed that any attempts to undermine democratic institutions are direct threats to the US and would not be tolerated.