Iranian hackers indicted Friday allegedly sought to impersonate Ginni Thomas as they targeted Trump campaign
Ginni Thomas, a conservative activist and wife of Supreme Court Justice Clarence Thomas, was among the prominent political figures that Iranian hackers sought to impersonate as part of their efforts to target people associated with former President Donald Trump, according to court documents and law enforcement officials briefed on the matter.
US federal prosecutors on Friday unsealed criminal charges against three Iranian government-linked hackers in connection with a hacking operation aimed at Trump.
The three are accused of a multi-year hacking effort aimed at current and former US officials and journalists, including the breach of the Trump campaign this summer, according to an indictment unsealed in the US District Court for the District of Columbia.
Masoud Jalili, Seyyed Ali Aghamiri and Yasar (Yaser) Balaghi are accused of aggravated identity theft and wire fraud for their hacking efforts on behalf of Iran’s Islamic Revolutionary Guard Corps (IRGC).
Between June and August, the hackers used access to a Trump campaign official’s personal email account to steal “debate preparation” material and information on potential vice presidential candidates, according to the indictment. The leak of some of that material to US media outlets was part of an Iranian effort to stoke discord during the election, the Justice Department alleged.
“The defendants’ own words make clear that they were attempting to undermine former President Trump’s campaign in advance of the 2024 US presidential election,” Attorney General Merrick Garland told reporters Friday.
“These authoritarian regimes, which violate the human rights of their own citizens do not get a say in our country’s democratic process,” Garland said.
The indictment doesn’t identify Ginni Thomas by name, but it states that between April and May 2024, the hackers used the persona set up in the name of the justice’s spouse to send spearphishing emails to a former homeland security adviser to a former US president, among other targets.
The hackers had set up a fake email account in Ginni Thomas’ name in April 2020, according to the indictment and law enforcement officials, but it wasn’t until four years later that they used that account in their efforts.
The US Supreme Court did not respond to a request for comment.
According to the indictment, the hackers were also trying to steal information held by current and former US officials that could be used to help “ongoing efforts to avenge the death of Qasem Soleimani,” the former IRGC Quds Force commander whom the US killed in a Trump-authorized strike in January 2020.
Prosecutors say that hours before the June 27 debate between Trump and President Joe Biden, the hackers impersonated a Trump campaign official to send internal debate preparation documents. The email went to a personal email account of someone associated with the Biden campaign and the indictment says the email account owner didn’t respond. The campaign of Vice President Kamala Harris has said the people who received the emails thought they were spam or phishing attempts.
Separately, the US Treasury Department imposed sanctions on seven people, including Jalili, as part of a sweeping response to Iranian efforts “to influence or interfere” in the 2020 and 2024 US presidential elections.
The alleged Iranian hack threw a twist in the presidential campaign in August when multiple news outlets reported receiving emails from a pseudonymous email account peddling documents stolen from the Trump campaign.
None of the alleged hackers have been arrested
The aggressive soliciting of the stolen information — which included a vetting file on Trump’s running mate, Ohio Sen. JD Vance — to media outlets immediately drew comparisons to 2016, when Russian intelligence officers used WikiLeaks to launder emails stolen from the Hillary Clinton campaign.
None of the alleged Iranian hackers have been arrested. The indictment is one of several US government efforts to blunt the impact of Iranian and Russian influence operations on the November presidential election by publicly exposing the activity.
The indictment includes photos of an office building in Tehran affiliated with at least one of the alleged hackers, along with a photo of Balaghi smiling with computers behind him.
Iranian operatives are working to undermine Trump’s presidential bid through covert social media operations, while Russia is trying to undermine Harris’ campaign through similar means, according to US intelligence assessments. China has largely been focused on influencing down-ballot races rather than the presidential contest, according to US intelligence.
US officials quickly concluded that individuals affiliated with the IRGC were behind the hack, stealing the internal Trump campaign documents to try to sow discord around the presidential election. That particular IRGC hacking group has a long history of targeting the email accounts of senior officials from the Trump and Biden administrations for espionage and surveillance purposes. The hacking group breached an ex-Trump administration official in 2022 around the same time that the IRGC was trying to kill former national security adviser John Bolton.
The hacking operation aimed at the Trump campaign began in May, according to the indictment. The alleged IRGC-linked hackers targeted longtime Trump ally Roger Stone and used access to his email account to target campaign staff.
The hackers also attempted to target the Biden-Harris campaign, the FBI has said.
Iran has denied US allegations that it is trying to meddle in the US election.
US intelligence officials have warned the public that foreign operatives will likely ramp up their efforts to undermine confidence in the voting process in the final weeks before the presidential election. US officials have in turn tried to burn some of their operations through indictments, sanctions and press conferences.
The Justice Department this month announced criminal charges against two employees of Russian state-run media outlet RT for covertly funneling nearly $10 million into a US company to create and amplify content that aligned with Russian interests. The department also seized 34 internet domains that Russian front companies were allegedly using to disseminate anti-Ukraine propaganda by impersonating prominent US news outlet like The Washington Post and Fox News.
Garland defends releasing would-be Trump assassin letter
Speaking to reporters Friday, Garland defended the Justice Department’s decision to release a letter allegedly written by the man charged in the second assassination attempt against Trump, saying that prosecutors had to “ensure” the would-be assassin remained in jail.
The letter was released in court documents as part of an effort to keep the man, Ryan Wesley Routh, detained before trial. The letter was addressed to “The World” and read, “This was an assassination attempt on Donald Trump but I am so sorry I failed you. I tried my best and gave it all the gumption I could muster. It is up to you now to finish the job; and I will offer $150,000 to whomever can complete the job.”
Republican lawmakers, including Republican Rep. Jim Jordan, have criticized the DOJ over the release of the letter, saying its release put Trump in more danger.
“Our first job, with respect to Routh, was ensuring that he be detained,” Garland said on Friday. “And when you file a detention motion, the prosecutors have to make the most reasonable judgment they can about what evidence is necessary to ensure detention.”
This story has been updated with additional developments.
For more CNN news and newsletters create an account at CNN.com