The FBI has warned that an Iranian government-tied hacker group that tried to interfere in the 2020 election is currently active and a threat to the U.S.
The group, which federal agencies say operates from an Iranian cybersecurity company called Emennet Pasargad, is engaged in “ongoing” operations to hack and leak material, and may target American organizations, the FBI said Thursday in an industry warning.
In October 2020, the FBI announced that Iran was behind the most significant foreign attempt to influence that year’s U.S. elections. Democrats registered to vote in Florida, which makes voter information publicly accessible, received intimidating emails in the weeks before the election, instructing them to become Republicans. The emails were signed “Proud Boys,” the extremist pro-Trump group.
Iran denied involvement at the time. The following month, the U.S. Justice Department charged two Iranians over the scheme, saying they had tried to compromise voter registration in 11 states and were successful in one. In 2021, the Treasury Department sanctioned Emennet Pasargad and six Iranians affiliated with it for their “online operation to intimidate and influence American voters, and to undermine voter confidence and sow discord, in connection with the 2020 U.S. presidential election.”
In its memo Thursday, the FBI warned, “these techniques may be used to target US entities as seen during Emennet’s cyber-enabled information operation that targeted the 2020 US Presidential election.”
Meanwhile, the State Department announced a reward Wednesday of up to $10 million for information about Emennet Pasargad members, part of its larger Rewards for Justice bounty program on key hackers who have targeted the U.S.
Aside from the campaign aimed at influencing the 2020 U.S. election, Emennet Pasargad is largely known for targeting Israeli companies, and often hacks organizations and leaks potentially sensitive material online using made-up hacktivist personas, the FBI said.
“Within the past year, the FBI has identified a destructive cyber attack against a US organization — indicating the group remains a cyber threat to the United States,” the warning said. It was not clear what organization the FBI was referring to, and the agency did not immediately respond to requests for comment.
Adam Meyers, the senior vice president of intelligence at Crowdstrike, a cybersecurity firm that has tracked the Emennet Pasargad for several years, told NBC News that the company had hacked and leaked information from several Israeli targets earlier this year.
“They were hacking closed-circuit television cameras, getting footage from Israeli ports,” Meyers said.
The FBI and the Cybersecurity and Infrastructure Security Agency have said in recent weeks that they saw no evidence of a foreign adversary preparing for major cyber operations targeting U.S. election infrastructure but that hybrid or influence operations were “likely.”
Also on Thursday, the Biden administration issued its strongest accusation yet against Iran for helping Russia’s invasion of Ukraine.
John Kirby, the spokesperson for the White House National Security Council, told reporters that “Iranian military personnel were on the ground in Crimea and assisted Russia” in drone strikes against Ukrainian forces.
Ken Dilanian contributed reporting.