Three Iranians Face Charges for Cyber-Attack on Trump's Presidential Campaign
Prosecutors state that the Iranian operatives acquired materials for debate preparation and gathered opposition research packets concerning Donald Trump’s possible vice presidential nominees.
The grand jury in Washington approved the indictment on Thursday, which was subsequently made public. The three individuals named—Masoud Jalili, Seyyed Ali Aghamiri, and Yasar Balaghi—are charged with engaging in a “sophisticated” operation to acquire confidential materials from the presidential campaign and share them with journalists and individuals related to another presidential campaign. They face 18 criminal counts, which include wire fraud, aggravated identity theft, and providing material support to a designated foreign terrorist organization, specifically the Iranian Revolutionary Guard Corps.
While the indictment doesn’t explicitly name the Trump or Biden campaigns, Attorney General Merrick Garland asserted that the alleged actions targeted Trump, and references within the indictment suggest that the hackers directed some of the obtained information to individuals associated with Biden's campaign.
A spokesperson for Vice President Kamala Harris' campaign condemned the Iranian efforts but emphasized that there was no indication the campaign itself was directly involved. “We’re not aware of any material being sent directly to the campaign; a few individuals were targeted on their personal emails with what looked like a spam or phishing attempt,” spokesperson Morgan Finkelstein said. “We condemn in the strongest terms any effort by foreign actors to interfere in U.S. elections including this unwelcome and unacceptable malicious activity.”
When asked if the Democratic campaign had utilized any information obtained from the Republican campaign, a Harris campaign official indicated that “the materials were not used.”
During a press conference at the Justice Department, Garland reiterated a prior intelligence community statement asserting no evidence that the Biden associates who received the Trump campaign information responded to it. However, he refrained from confirming whether the materials were used by the Biden campaign. “I can only answer, what's in the indictment, what the intelligence community has said, in light of the evidence we have, we see no indication that anyone replied,” Garland explained. He did mention that the FBI “had good cooperation” from both campaigns.
The Trump campaign, which confirmed it had been hacked last month, had faced the leaking of internal documents via an anonymous email address that contained details about potential political risks associated with Sen. JD Vance, who is Trump’s running mate.
The indictment details that the three Iranian operatives successfully accessed email accounts of individuals connected to Trump’s 2024 campaign, building on previous attempts to infiltrate other U.S. government, political, and media figures. The hackers reportedly utilized compromised email accounts to execute “spear phishing” attacks on future targets.
According to prosecutors, the Iranian operatives acquired debate preparation materials, as well as opposition research on Trump’s prospective vice presidential choices. The indictment includes an email in which the hackers purportedly offered access to Trump’s preparation for the June 2024 debate to allies of Biden. “I’m going to pass some materials along to you that would be useful to defeat him,” they wrote, using a false persona.
Included in the correspondence were materials that the hackers characterized as Trump’s “final prep” for the debate, alongside an acknowledgment of the potential consequences for Biden if he failed in the debate, which could necessitate his replacement on the ticket.
“The defendants’ own words make clear that they were attempting to undermine former President Trump's campaign in advance of the 2024 U.S. presidential election,” Garland stated. “The Justice Department will not tolerate attempts by Iran or by any foreign power to interfere in our elections and undermine our democracy.”
The first defendant, Jalili, identified as a “Master of Information Technology,” and his co-defendants allegedly hacked into the email accounts of various figures, including a former State Department official involved in the Abraham Accords, a U.S.-based author, a journalist at a Washington think tank, a former homeland security adviser, two ex-CIA officials, a former U.S. ambassador to Israel, and the co-founder of an Iranian human rights organization—all unnamed in the indictment.
From May 2024 until the present, the indictment claims the hackers targeted individuals connected to a presidential campaign, successfully compromising the email accounts of an informal consultant to the candidate, two officials on the campaign, and an attorney representing Trump.
The indictment suggests that the hackers sought to leverage the information obtained to support their ongoing agenda related to avenging the death of Iranian general Qasem Soleimani, killed by a U.S. drone strike in January 2020. They also aimed to disrupt the Trump campaign by leaking stolen materials.
Using social engineering techniques to gain the trust of their victims, the hackers created a false email account that appeared to belong to the spouse of a Supreme Court justice. Reports indicate they maintained “long-term, persistent” access to some of the compromised accounts.
After reports surfaced last month concerning the hacking, Trump’s campaign pointed the blame at Tehran. A Microsoft report from August 8 disclosed Iranian hackers had sent a spear phishing email in June to a high-ranking official within a presidential campaign.
U.S. security agencies released a rare statement earlier this month indicating that Iranian operatives sent data taken from Trump’s campaign to individuals linked to Biden's reelection efforts, noting there is no evidence that the recipients responded.
Harris’ campaign has stated that its officials did not utilize information allegedly sent by the Iranian hackers. It remains unclear if Biden associates were aware of these actions prior to being informed by the FBI.
Google’s cybersecurity division has indicated that Iranian attempts to hack into Biden’s campaign were present as well, though no successful breaches were reported.
The prospects for bringing the defendants, who are believed to reside in Iran, into U.S. custody remain slim. When asked about any frustrations regarding their status, Garland remarked, “From the Justice Department's point of view, which is the law enforcement point of view, we will follow these people for the rest of their lives.”
Justice Department officials defend what are known as name-and-shame cases as beneficial because they complicate travel for the implicated individuals, raise public awareness among foreign governments regarding U.S. objections to their conduct, and encourage Americans to remain vigilant against disinformation that could destabilize the political landscape.
Additionally, the Treasury Department announced sanctions against one of the alleged hackers, stating Jalili was responsible for “malicious cyber operations targeting a former U.S. government official in 2022.” Treasury also sanctioned six employees and executives from an Iranian cybersecurity firm, Emennet Pasargad, which faces accusations of attempting to influence the 2020 presidential election.
“The U.S. government continues to closely monitor efforts by malicious actors to influence or interfere in the integrity of our elections,” said Bradley Smith, the acting undersecretary of the Treasury for Terrorism and Financial Intelligence. “Treasury, as part of a whole-of-government effort leveraging all available tools and authorities, remains strongly committed to holding accountable those who seek to undermine our institutions.”
Debra A Smith contributed to this report for TROIB News