Sanctions, Criminal Charges Follow Iranian Operation to Influence U.S. Presidential Election

Iranian hackers sent voters threatening messages that had appeared to come from the Proud Boys as part of a “false flag” operation, prosecutors say

(Source: Shutterstock)

By Samuel Rubenfeld

Monday, November 22, 2021


At a hasty late-evening press conference in the final days leading up to the U.S. presidential election, top intelligence officials blamed Iran for a flurry of threatening emails sent to voters.

The messages had appeared to come from the Proud Boys, a neo-fascist extremist group later sanctioned by Canada as terrorists, according to media reports from the time. 

Voters were startled by the threats. The U.S. intelligence officials did not mention the Proud Boys at the press conference, saying instead that Iran had sent the emails and other content, including a video implying that individuals could cast fraudulent ballots, even from abroad. Mistakes made in the video showed Iran’s hand, Reuters reported, citing multiple sources. 

Last Thursday, the U.S. announced criminal charges and sanctions related to the influence operation, laying the blame on Emennet Pasargad, an Iranian cyber company, along with multiple Iranian nationals who were part of its network. The use of the Proud Boys name served as a “false flag,” according to an indictment. The sanctions were imposed under U.S. authorities relating to foreign interference in U.S. elections. 

“[The] Treasury will continue to counter efforts to undermine the integrity of our election systems,” said Deputy Secretary Wally Adeyemo. Iran’s foreign ministry condemned the sanctions, saying in a post on social media they were imposed under a false pretext and calling the measures a continuation of the “maximum pressure” policy toward Tehran.  

Emennet Pasargad had been sanctioned in February 2019 under a prior name, Net Peygard Samavat Company, the U.S. Treasury Department said in its statement. Net Peygard Samavat and its manager, Mohammad Bagher Shirinkar, had supported Iran’s Islamic Revolutionary Guard Corps-Electronic Warfare and Cyber Defense Organization (IRGC-EWCD). Shirinkar, who was sanctioned alongside the company in 2019, was designated again on Thursday.

The company, meanwhile, had merely rebranded to evade U.S. sanctions and continued its cyber operations, the Treasury said. But the two firms have unique registration numbers and different directors and shareholders, according to Iranian corporate records reviewed by Kharon.

Alongside Emennet Pasargad, the Treasury sanctioned three members of its board of directors -- Mostafa Sarmadi, Seyyed Mehdi Hashemi Toghroljerdi and Hosein Akbari Nodeh -- and two of its employees. The staffers, Seyyed Mohammad Hosein Musa Kazemi and Sajjad Kashian,  were charged in a multi-count indictment for allegedly carrying out the election operation, and are each the subject of a reward offer of up to USD 10 million.

“The United States will never tolerate any foreign actors’ attempts to undermine our free and democratic elections,” said Damian Williams, U.S. attorney for the Southern District of New York, in a statement.

Kazemi and Kashian are each experienced Iran-based hackers who worked as contractors for Emennet Pasargad, which was previously known as Eeleyanet Gostar, prosecutors said. 

Eeleyanet Gostar and Emennet Pasargad have distinct corporate registration numbers, but they share an address, shareholders and leadership, according to records reviewed by Kharon. Sarmadi, a director and shareholder of both firms, is also on the board of a third company, Kharon found.

Beginning in August 2020 and carrying on through to the day after the polls closed, Kazemi and Kashian, and others, orchestrated a four-stage campaign to undermine faith and confidence in the 2020 U.S. presidential election, according to the indictment.

The first phase of the operation involved the attempt to compromise 11 state voter websites, one of which was successful through misconfigured computers, the indictment said. The effort resulted in the downloading of information for more than 100,000 voters; the state isn’t named.

Then, they sent messages and emails to Republican lawmakers, individuals associated with the presidential campaign of Donald Trump, White House advisers and members of the media claiming to be Proud Boys volunteers, saying the Democratic party was planning to exploit vulnerabilities to edit mail-in ballots or even register non-existent voters, the indictment said. 

At the same time, members of the conspiracy also disseminated a video depicting an individual hacking into state voter websites and using the illicitly obtained information to create fraudulent absentee ballots; the video was in fact a simulated intrusion created using their own server and the data obtained in the first stage of the operation, according to the indictment.

The next step involved the emailed threats to voters, including some whose information was obtained from the compromised state registry, the indictment said. But in this case, the messages were sent to registered Democrats, threatening them with physical injury if they didn’t change their party affiliation, according to the indictment. 

The operation continued until Nov. 4, the day after the presidential election, prosecutors said. In its final stage, Kazemi and Kashian, and the others, tried to leverage an earlier intrusion into the network of an American media company and gain access using stolen credentials, according to the indictment.  The media company is not named by prosecutors in the indictment, but it was identified Friday by The Wall Street Journal as Lee Enterprises Inc., one of the largest newspaper chains in the U.S., according to people familiar with the matter.

Prior to the election, members of the conspiracy had tested their ability to modify content on the company’s content management system, according to the indictment. But the post-election effort failed because the media company mitigated the unauthorized access problem following an FBI victim notification, the indictment said.

“State-sponsored actors, including Iranian groups, have engaged in covert and deceptive activities to disseminate disinformation through websites and social media designed to undermine Americans’ faith in U.S. elections,” said Secretary of State Antony Blinken.

Share this story