U.S. Sanctions Iran for Election Hacking

On November 18, the United States sanctioned six Iranian men and one company, Emennet Pasargad, for attempting to interfere with the 2020 U.S. presidential election. Secretary of State Antony Blinken said that the move represents “the collective efforts of the Department of the Treasury, the Department of State, and the Federal Bureau of Investigation.” The U.S. government “took decisive and disruptive action against those seeking to interfere with the sanctity of our elections,” he added.

Emennet Employees Designated by the Department of the Treasury

The Department of Justice also charged two of the Iranians for trying to intimidate and influence American voters. Seyyed Mohammad Hosein Musa Kazemi and Sajjad Kashian were charged with:

  • one count of conspiracy to commit computer fraud and abuse
  • one count of voter intimidation
  • one count of transmission of interstate threats

Kazemi was also charged with one count of unauthorized computer intrusion and one count of computer fraud. The State Department offered a reward of up to $10 million for information about the two men.

Iran condemned the new sanctions as illegitimate. The moves are a “continuation of the failed policy of Trump's maximum pressure and as actions out of desperation,” Foreign Ministry Spokesperson Saeed Khatibzadeh said on November 19. The following are statements from Secretary Blinken, the Department of the Treasury and the Department of Justice.

 

Secretary of State Antony Blinken

State-sponsored actors, including Iranian groups, have engaged in covert and deceptive activities to disseminate disinformation through websites and social media designed to undermine Americans’ faith in U.S. elections.

Today, the United States is designating six Iranian individuals and one Iranian entity, pursuant to Executive Order (E.O.) 13848, for their roles in attempting to influence the 2020 U.S. presidential election.  By taking this action, the U.S. government demonstrates that we will hold state-sponsored actors to account for attempting to undermine public confidence in the electoral process and U.S. institutions.

Today’s designations represent the collective efforts of the Department of the Treasury, the Department of State, and the Federal Bureau of Investigation.  The U.S. government took decisive and disruptive action against those seeking to interfere with the sanctity of our elections, including the FBI warning the public of the attempts ahead of the 2020 elections.

 

Treasury Sanctions Iran Cyber Actors for Attempting to Influence the 2020 U.S. Presidential Election

Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) designated six Iranian individuals and one Iranian entity pursuant to Executive Order (E.O.) 13848, “Imposing Certain Sanctions in the Event of Foreign Interference in a United States Election,” for attempting to influence the 2020 U.S. presidential election.

The United States identified attempted cyber-enabled intrusions by state-sponsored actors, including Iranian actors who sought to sow discord and undermine voters’ faith in the U.S. electoral process.  The actors also disseminated disinformation on social media and sent threatening emails as well as a fraudulent video.  The fake video was made in an attempt to undermine faith in the election by implying that individuals could cast fraudulent ballots.

“Treasury will continue to counter efforts to undermine the integrity of our election systems,” said Deputy Secretary of the Treasury Wally Adeyemo.  “Today’s action underscores the U.S. government’s commitment to hold state-sponsored actors accountable for attempting to undermine public confidence in the electoral process and U.S. institutions.”  

Iran’s Efforts to Influence U.S. Elections

Between approximately August 2020 and November 2020, state-sponsored Iranian cyber actors executed an online operation to intimidate and influence American voters, and to undermine voter confidence and sow discord, in connection with the 2020 U.S. presidential election.  These Iranian actors obtained or attempted to obtain U.S. voter information from U.S. state election websites, sent threatening emails to intimidate voters, and crafted and disseminated disinformation pertaining to the election and election security.  Furthermore, the Iranians illicitly accessed content management accounts of several online U.S. media entities, which resulted in their ability to edit and create fraudulent content.  However, the actors’ ability to leverage this unauthorized access was ultimately thwarted by the Federal Bureau of Investigation (FBI). 

Leading this attempted election influence campaign was Iranian cyber company Emennet Pasargad.  Emennet was previously designated under its former name, Net Peygard Samavat Company, pursuant to E.O. 13606 in February 2019, for having materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, the Islamic Revolutionary Guard Corps-Electronic Warfare and Cyber Defense Organization (IRGC-EWCD).  The company rebranded itself to evade U.S. sanctions and continue its disruptive cyber operations against the United States.  Emennet is being designated pursuant to E.O. 13848 for attempting to influence the 2020 U.S. presidential election.

Emennet is managed by Iranian national Mohammad Bagher Shirinkar (Shirinkar), whom OFAC previously designated pursuant to E.O. 13606 in February 2019 for having materially assisted the IRGC-EWCD.  Shirinkar is being re-designated pursuant to E.O. 13848 for attempting to influence the 2020 U.S. presidential election. 

As part of today’s action, OFAC is also designating five additional Iranian nationals who are part of Emennet’s network.  Emennet employees Seyyed Mohammad Hosein Musa Kazemi (Kazemi) and Sajjad Kashian (Kashian) are being designated pursuant to E.O. 13848 for attempting to influence the 2020 U.S. presidential election.  Kazemi and Kashian executed cyber-enabled operations as part of the campaign to influence the election.  Mostafa Sarmadi, Seyyed Mehdi Hashemi Toghroljerdi, and Hosein Akbari Nodeh, who serve on Emennet's Board of Directors, are being designated pursuant to E.O. 13848 for acting, or purporting to act, for or on behalf of Emennet.

Emennet Employees Designated Pursuant to E.O. 13848

Today’s designations represent the collective efforts of Treasury, the U.S. Department of State, and the FBI.  Concurrent with today’s designations, the U.S. Department of Justice unsealed a five-count indictment against Seyyed Mohammad Hosein Musa Kazemi and Sajjad Kashian. Further, pursuant to the Rewards for Justice Program, the State Department is offering a reward of up to $10 million for information on or about the activities of these two individuals.  

 

Sanctions Implications

As a result of today’s designation, all property and interests in property of the designated targets that are subject to U.S. jurisdiction are blocked, and U.S. persons are generally prohibited from engaging in transactions with them.  Additionally, any entities 50 percent or more owned by one or more designated persons are also blocked.  In addition, financial institutions and other persons that engage in certain transactions or activities with the sanctioned entity and individuals may expose themselves to sanctions or be subject to an enforcement action.

 

Two Iranian Nationals Charged for Cyber-Enabled Disinformation and Threat Campaign Designed to Influence the 2020 U.S. Presidential Election

An indictment was unsealed in New York today charging two Iranian nationals for their involvement in a cyber-enabled campaign to intimidate and influence American voters, and otherwise undermine voter confidence and sow discord, in connection with the 2020 U.S. presidential election.

According to court documents, Seyyed Mohammad Hosein Musa Kazemi (سید محمد حسین موسی کاظمی), aka Mohammad Hosein Musa Kazem, aka Hosein Zamani, 24, and Sajjad Kashian (سجاد کاشیان), aka Kiarash Nabavi, 27, both of Iran, obtained confidential U.S. voter information from at least one state election website; sent threatening email messages to intimidate and interfere with voters; created and disseminated a video containing disinformation about purported election infrastructure vulnerabilities; attempted to access, without authorization, several states’ voting-related websites; and successfully gained unauthorized access to a U.S. media company’s computer network that, if not for successful FBI and victim company efforts to mitigate, would have provided the conspirators another vehicle to disseminate false claims after the election.

“This indictment details how two Iran-based actors waged a targeted, coordinated campaign to erode confidence in the integrity of the U.S. electoral system and to sow discord among Americans,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division. “The allegations illustrate how foreign disinformation campaigns operate and seek to influence the American public. The Department is committed to exposing and disrupting malign foreign influence efforts using all available tools, including criminal charges.”

“As alleged, Kazemi and Kashian were part of a coordinated conspiracy in which Iranian hackers sought to undermine faith and confidence in the U.S. presidential election,” said U.S. Attorney Damian Williams for the Southern District of New York. “Working with others, Kazemi and Kashian accessed voter information from at least one state’s voter database, threatened U.S. voters via email, and even disseminated a fictitious video that purported to depict actors fabricating overseas ballots. The United States will never tolerate any foreign actors’ attempts to undermine our free and democratic elections. As a result of the charges unsealed today, and the concurrent efforts of our U.S. government partners, Kazemi and Kashian will forever look over their shoulders as we strive to bring them to justice.”

“The FBI remains committed to countering malicious cyber activity targeting our democratic process,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division. “Working rapidly with our private sector and U.S. government partners and ahead of the election, we were able to disrupt and mitigate this malicious activity – and then to enable today’s joint, sequenced operations against the adversary. Today’s announcement shows what we can accomplish as a community and a country when we work together, and the FBI will continue to do its part to keep our democracy safe.”

According to the allegations contained in the indictment unsealed today:

The Voter Intimidation and Influence Campaign

Starting in approximately August 2020, and proceeding until November 2020, Kazemi, Kashian, and other co-conspirators began a coordinated campaign to undermine faith and confidence in the 2020 presidential election (the “Voter Intimidation and Influence Campaign”) and otherwise sow discord within U.S. society. The Campaign had four components:

  • In September and October 2020, members of the conspiracy conducted reconnaissance on, and attempted to compromise, approximately 11 state voter websites, including state voter registration websites and state voter information websites. Those efforts resulted in the successful exploitation of a misconfigured computer system of a particular U.S. state (“State-1”), and the resulting unauthorized downloading of information concerning more than 100,000 of State-1’s voters.
  • In October 2020, members of the conspiracy, claiming to be a “group of Proud Boys volunteers,” sent Facebook messages and emails (the “False Election Messages”) to Republican Senators, Republican members of Congress, individuals associated with the presidential campaign of Donald J. Trump, White House advisors, and members of the media. The False Election Messages claimed that the Democratic Party was planning to exploit “serious security vulnerabilities” in state voter registration websites to “edit mail-in ballots or even register non-existent voters.” The False Election Messages were accompanied by a video (the “False Election Video”) carrying the Proud Boys logo, which purported, via simulated intrusions and the use of State-1 voter data, to depict an individual hacking into state voter websites and using stolen voter information to create fraudulent absentee ballots through the Federal Voting Assistance Program (FVAP) for military and overseas voters.[1]
  • Also in October 2020, the conspirators engaged in an online voter intimidation campaign involving the dissemination of a threatening message (the “Voter Threat Emails”), purporting to be from the Proud Boys, to tens of thousands of registered voters, including some voters whose information the conspiracy had obtained from State-1’s website. The emails were sent to registered Democrats and threatened the recipients with physical injury if they did not change their party affiliation and vote for President Trump.
  • On Nov. 4, 2020, the day after the 2020 U.S. presidential election, the conspirators sought to leverage earlier September and October 2020 intrusions into an American media company’s (Media Company-1) computer networks. Specifically, on that day, the conspirators attempted to use stolen credentials to again access Media Company-1’s network, which would have provided them another vehicle for further disseminating false claims concerning the election through conspirator-modified or created content. However, because of an earlier FBI victim notification, Media Company-1 had by that time mitigated the conspirators’ unauthorized access and these log-in attempts failed.

Background on Kazemi and Kashian

Kazemi and Kashian are experienced Iran-based computer hackers who worked as contractors for an Iran-based company formerly known as Eeleyanet Gostar, and now known as Emennet Pasargad. Eeleyanet Gostar purported to provide cybersecurity services within Iran. Among other things, Eeleyanet Gostar is known to have provided services to the Iranian government, including to the Guardian Council.

As part of his role in the Voter Intimidation and Influence Campaign, Kazemi compromised computer servers that were used to send the Voter Threat Emails, drafted those emails, and compromised the systems of Media Company-1. Kashian managed the conspirators’ computer infrastructure used to carry out the Voter Threat Emails campaign and he purchased social media accounts in furtherance of the Voter Intimidation and Influence Campaign.

Kazemi and Kashian are both charged with one count of conspiracy to commit computer fraud and abuse, intimidate voters, and transmit interstate threats, which carries a maximum sentence of five years in prison; one count of voter intimidation, which carries a maximum sentence of one year in prison; and one count of transmission of interstate threats, which carries a maximum sentence of five years in prison. Kazemi is additionally charged with one count of unauthorized computer intrusion, which carries a maximum sentence of five years in prison; and one count of computer fraud, namely, knowingly damaging a protected computer, which carries a maximum sentence of 10 years in prison. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.

Concurrent with the unsealing of the indictment, the Department of the Treasury Office of Foreign Assets Control (OFAC) designated Emennet Pasargad, Kazemi, Kashian, and four other Iranian nationals comprising Emennet Pasargad leadership pursuant to Executive Order 13848, “Imposing Certain Sanctions in the Event of Foreign Interference in a United States Election.” Additionally, the Department of State’s Rewards for Justice Program is offering a reward of up to $10 million for information on or about Kazemi and Kashian’s activities.

The FBI’s Cyber Division and Cleveland Field Office are investigating the case.

Assistant U.S. Attorneys Dina McLeod and Louis A. Pellegrino and Trial Attorney Adam Small of the National Security Division’s Counterintelligence and Export Control Section are prosecuting the case.

An indictment is merely an allegation, and all defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

Some of the information in this article was originally published on November 18, 2021.