Risk Level:
99% May harm your business future; Persons or entities that engage in transactions with this entity will be exposed to sanctions or subject to an enforcement action;

Working with this entity means supporting Iranian Regime, Regime Terrorist Activities & development of WMD

Status:
Top Alert – Entity designated / sanctioned for terror, WMD and human rights violation

Info:
Mohammad Reza Espargham is wanted for his involvement in criminal activities including computer intrusions, identity theft, and wire fraud. Espargham is charged with conspiracy to commit computer intrusions, which carries a maximum sentence of five years in prison, obtaining information by unauthorized access to protected computers, which carries a maximum sentence of five years in prison, intentional damage to protected computers, which carries a maximum sentence of ten years in prison, and conspiracy to commit wire fraud, which carries a maximum sentence of 20 years in prison;

Mohammad Reza Espargham, Said Pourkarim Arabi, and Mohammad Bayati are wanted for their alleged involvement in criminal activities including computer intrusions, identity theft, and wire fraud. These Iranian hackers allegedly conspired to commit computer intrusions targeting American companies in the aerospace and satellite industries. They allegedly engaged in a coordinated campaign of social engineering that resulted in the theft of United States citizens’ identities, which they then used to steal critical information related to American aerospace and satellite technology and resources, including sensitive commercial information, intellectual property, and personal data. The men allegedly conducted this activity at the direction of Iran’s Islamic Revolutionary Guard Corps (IRGC).

On Sept. 17, 2020, in the Eastern District of Virginia, the Department announced the unsealing of a nine-count indictment charging three hackers in relation to an approximately four-year campaign to steal and attempt to steal critical information related to aerospace and satellite technology and resources, including sensitive commercial information, intellectual property, and personal data. The defendants, Said Pourkarim Arabi, Mohammad Reza Espargham, and Mohammad Bayati, all Iranian nationals residing in Iran, conducted their activity at the direction of the IRGC, of which Arabi was a member. The defendants primarily accomplished their intrusions through socially engineered spearphishing campaigns, using at least one target list of over 1,800 individuals in Australia, Israel, Singapore, the United States, and the United Kingdom. Upon successfully enticing a victim to click on a link in such a spearphishing e-mail, a member of the conspiracy would deploy malware that allowed the conspirators to gain access credentials, escalate their privileges, maintain their unauthorized access to victim networks, and ultimately steal the sought-after data. To accompany the unsealing of this indictment, and to aid potential targets in the identification of malicious activity, the FBI released a Private Industry Notification (PIN) that identified the conspiracy’s TTPs and indicators of compromise.

To facilitate their victimization of these targets, the defendants engaged in a coordinated campaign of social engineering to identify real U.S. citizens working in the satellite and aerospace fields whose identities the defendants could assume online. The defendants then impersonated those individuals and used their stolen identities to register email addresses and fraudulently purchase domains and hacking tools for use in the scheme. The defendants then created customized spear phishing emails that purported to be from the individuals whose identities the defendants had stolen, in an attempt to entice the recipients to click on malicious links embedded in the emails. Once a recipient clicked on a malicious link, malware would be downloaded to the individual’s computer, giving the defendants unauthorized access to the recipient’s computer and network. The defendants then used additional hacking tools to maintain unauthorized access, escalate their privileges, and steal data sought by the IRGC. Using these methods, the defendants successfully compromised multiple victim networks, resulting in the theft of sensitive commercial information, intellectual property, and personal data from victim companies, including a satellite-tracking company and a satellite voice and data communication company;

Arabi, who was a member of the IRGC, is charged with conspiracy to commit computer intrusions, which carries a maximum sentence of five years in prison, obtaining information by unauthorized access to protected computers, which carries a maximum sentence of five years in prison, intentional damage to protected computers, which carries a maximum sentence of ten years in prison, aggravated identity theft, which carries a mandatory sentence of two years in prison, and conspiracy to commit wire fraud, which carries a maximum sentence of 20 years in prison;

On September 15, 2020, a federal grand jury in the United States District Court for the Eastern District of Virginia, Alexandria, Virginia, indicted Arabi on charges of Conspiracy to Commit Computer Intrusions, Obtaining Information by Unauthorized Access to Protected Computers, Intentional Damage to Protected Computers, Aggravated Identity Theft, and Conspiracy to Commit Wire Fraud, and a federal arrest warrant was issued;

Industry:
Tech Industry
Iranian Hackers

Involved In:
Conspiracy to Commit Computer Intrusions
Obtaining Information by Unauthorized Access to Protected Computers
Intentional Damage to Protected Computers
Aggravated Identity Theft
Conspiracy to Commit Wire Fraud

Also Known As:
Mohamad Reza Espargham

Country:
Iran

Reason for the color:
» State-Sponsored Iranian Hackers Indicted for Computer Intrusions at U.S. Satellite Companies – September 17, 2020;
» Mohammad Reza Espargham – FBI Wanted;



IFMAT Color Guide

We sort entities that are connected with terrorist activities in two ways: first by risk and second by geolocation.
Geolocation is divided into two lists, the Black List and the Gray List.
The Black List covers all companies, organizations and figures that originate from Iran.
The Gray List covers all companies, organizations and figures outside Iranian borders that do business with Iran.
We identify the risk of an entity by color; each color marks the risk level of the entity (in descending order).
 
TOP ALERT
Designated / Sanctioned / Illicit entities
 
HIGH ALERT
Entities affiliated with Designated / Sanctioned / Illicit entities.
 
MEDIUM ALERT
Entities sanctioned in the past for Terror or Illicit activities / WMD related / Human rights violations.
 
RISK ALERT
Entities in a problematic sector - Sector controlled by the Top Alert entities.
 
GENERAL ALERT
Legitimate entities - we cannot determine whether an entity is completely green, and that is due to the facts that the Iranian economy is not transparent enough for us. Be sure.