Three members of Iran’s military have been charged with hacking email accounts connected to Donald Trump’s 2024 presidential campaign, the Justice Department said Friday. The Treasury Department also announced a fresh round of sanctions against Iranians it said interfered in the 2020 and 2024 elections.
The indictment, approved by a grand jury in Washington on Thursday and made public on Friday, accuses three people — Masoud Jalili, Seyyed Ali Aghamiri, and Yasar Balaghi — of carrying out a “sophisticated” operation to obtain confidential presidential campaign materials and share them with journalists and individuals associated with another presidential campaign. The defendants are charged with 18 criminal counts, including wire fraud, aggravated identity theft and providing material support to a designated foreign terrorist organization, the Iranian Revolutionary Guard Corps.
The indictment does not name either the Trump or Joe Biden campaigns, but Attorney General Merrick Garland said the alleged attempts targeted Trump, and references in the indictment clearly indicate that the hackers are accused of directing at least some of the fruits of that effort to people linked to Biden.
A spokesperson for Vice President Kamala Harris’ campaign, which effectively took over Biden’s bid when he bowed out of the race in July, denounced the Iranian effort but stressed it did not appear to involve the campaign itself.
“We’re not aware of any material being sent directly to the campaign; a few individuals were targeted on their personal emails with what looked like a spam or phishing attempt,” spokesperson Morgan Finkelstein said. “We condemn in the strongest terms any effort by foreign actors to interfere in U.S. elections including this unwelcome and unacceptable malicious activity.”
Asked whether the Democratic campaign relied on any of the information from its GOP rival, a Harris campaign official said: “The materials were not used.”
During a press conference Friday at Justice Department headquarters, Garland reiterated an earlier intelligence community statement saying there was no indication the Biden allies who were sent the Trump campaign information responded to the message.
However, he demurred when asked by POLITICO whether the Biden campaign associates used the material.
“I can only answer, what’s in the indictment, what the intelligence community has said, in light of the evidence we have, we see no indication that anyone replied,” Garland said. He did say that the FBI “had good cooperation” from both the Trump campaign and the Biden, now Harris, campaign.
The Trump campaign confirmed last month that it had been hacked after POLITICO and other news organizations received internal campaign documents from an anonymous email address, including what appeared to be research into potential political liabilities of Sen. JD Vance, Trump’s running mate.
The indictment describes a successful effort by the three Iranian operatives to access the email accounts of figures associated with Trump’s 2024 campaign. That effort built on several years of attempts to compromise other figures in U.S. government, politics and media. And the hackers allegedly used email accounts they compromised to target future victims with “spear phishing” emails.
The Iranian operatives, according to prosecutors, obtained debate prep material, in addition to opposition research packets on Trump’s potential vice presidential picks. The indictment includes the text of an email that the Iranians allegedly sent to allies of Biden offering access to Trump’s prep for the June 2024 debate.
“I’m going to pass some materials along to you that would be useful to defeat him,” the Iranians wrote, regarding Trump and using a false persona, according to the indictment.
The email included materials that the Iranians described as Trump’s “final prep” for the debate. They were aware of the stakes for Biden, saying a loss at the debate would force Democrats to replace him on the ticket.
“The defendants’ own words make clear that they were attempting to undermine former President Trump’s campaign in advance of the 2024 U.S. presidential election,” Garland said. “The Justice Department will not tolerate attempts by Iran or by any foreign power to interfere in our elections and undermine our democracy.”
The first defendant, Jalili, described himself as “Master of Information Technology.” He and his co-defendants allegedly hacked into email accounts belonging to a former State Department official who helped negotiate the Abraham Accords, which normalized some Arab countries’ relations with Israel. They also compromised the email accounts of a U.S.-based author; a journalist based at a Washington, D.C., think tank; a former presidential homeland security adviser; two former CIA officials; a former U.S. ambassador to Israel; and the co-founder of an Iranian human rights group. None are named in the indictment.
Then, from May 2024 up through this month, the indictment alleges, the hackers targeted people linked to a presidential campaign, successfully compromising the email accounts of an informal consultant to the candidate, two officials on the campaign, and an attorney representing the candidate — known to be Trump.
The indictment signals that the hackers aimed to use information they gleaned from the computer intrusions to support their “ongoing efforts to avenge the death of Qasem Soleimani,” an Iranian general killed in a U.S. drone strike in January 2020.
They also aimed to undermine the Trump campaign by leaking material stolen from the campaign, according to the indictment.
And they used social engineering tactics to gain victims’ trust, pretending to be people they knew. In April 2020, for instance, they set up an email account purporting to belong to the spouse of a Supreme Court justice.
They also had “long-term, persistent” access to some of the hacked accounts.
After POLITICO reported last month on some aspects of the hack, Trump’s presidential campaign blamed Tehran. And a Microsoft report on Aug. 8 disclosed that Iranian hackers had “sent a spear phishing email in June to a high-ranking official on a presidential campaign.”
U.S. security agencies released an unusual statement earlier this month saying Iranians sent material stolen from the former president’s campaign to people linked to Biden’s reelection team. The statement said there is no sign the recipients responded.
Harris’ presidential campaign has said its officials did not make use of the information its allies were allegedly sent by the Iranian hackers. It’s unclear whether the Biden associates were aware of the effort before the FBI notified them of it.
Google’s cybersecurity arm has said Iranians tried to hack into Biden’s campaign as well, but there are no indications those attempts succeeded.
There appears to be little prospect that the defendants, who appear to live in Iran, will be taken into U.S. custody anytime soon, if ever. Asked Friday if there’s frustration that the defendants are currently beyond the reach of U.S. authorities, Garland said: “From the Justice Department’s point of view, which is the law enforcement point of view, we will follow these people for the rest of their lives.”
Justice Department officials have defended so called name-and-shame cases as worthwhile because they make it more difficult for the alleged perpetrators to travel freely, put foreign governments on public notice that the U.S. objects to their actions, and encourage Americans prepared to cast their votes to be vigilant about potential disinformation and polarizing political content that U.S. officials say is intended to destabilize the American political system.
The Treasury Department also announced Friday that it was sanctioning one of the alleged Iranian hackers. The department said Jalili was responsible for “malicious cyber operations targeting a former U.S. government official in 2022.”
In addition, Treasury sanctioned six employees and executives of an Iranian cybersecurity company that it said had attempted to interfere in the 2020 presidential election.
The company, Emennet Pasargad, was previously sanctioned over accusations that it orchestrated an online operation to influence American voters in 2020. Treasury said that the company also sought to obtain U.S. voter information from state election websites and disseminated disinformation “pertaining to the election and election security.”
“The U.S. government continues to closely monitor efforts by malicious actors to influence or interfere in the integrity of our elections,” Bradley Smith, the acting undersecretary of the Treasury for Terrorism and Financial Intelligence, said in a statement. “Treasury, as part of a whole-of-government effort leveraging all available tools and authorities, remains strongly committed to holding accountable those who see to undermine our institutions.”