Our latest alleged cybercriminal is Iranian Said Pourkarim Arabi, 35. The FBI says he led a trio of Iranians who broke into computer systems at US and UK aerospace companies between July 2015 and February 2019.
As of August 2015, Arabi was employed by the Iranian Revolutionary Guard Corps, according to a federal indictment. He listed “intelligence officer and operations manager for air, space, and cyber” for the IRGC on a resume the FBI found online.
The resume also listed hacking projects as accomplishments, including breaking into servers at a company “in partnership with an American multinational corporation invested in aerospace and satellites,” the indictment said.
He and two co-defendants, also Iranians, used fake email accounts, fake LinkedIn profiles, and other measures to fool aerospace industry victims into checking out a phony satellite tracking app.
Arabi is specifically accused of creating fake email accounts and fake domains to obscure the Iranians’ identities.
One way he did this was to take over a dormant email account belonging to a university professor acquainted with many of the aerospace victims. Emails urging the victims to check out the satellite app appeared to come from the professor.
Those spearphishing emails contained a link to learn more about the satellite tracking app. When a victim clicked the link, they unwittingly downloaded a Remote Access Trojan, a type of malware that allows crooks into victim computers and network systems.
The FBI said the trojan malware then allowed the Iranians to move through an organization’s network, escalate their user privileges, and steal confidential data from victim companies.
The indictment, unsealed nearly a year ago, said Arabi lived in IRGC housing in Iran, although it didn’t specify a city. Arabi remains at large.
You can view his Cyber Most Wanted information here.