Iranian hackers breached computers of the American satellite technology industry with help from a fake website and an unsuspecting college professor.
Court documents obtained by The Daily Beast show that the FBI believes Iranian hackers going by the nicknames MRSCO and N3O may have been involved in the attempted breaches. The hackers, members of a long-running Iranian hacker collective known as the “Iranian Dark Coders Team,” have become known for defacing websites with pro-Iranian and Hezbollah propaganda, hacking gas-station pump terminals online, and attacking an Israeli credit-card company over the past seven years.
The Department of Justice declined to comment publicly on the investigation.
The FBI began investigating the campaign when unnamed satellite trackers tipped off the Bureau that someone was sending out malware-laden spear-phishing emails in an attempt to trick recipients into downloading software hosted on a website made to look like a legitimate app for finding satellite orbits. The messages, written in stilted English, advertised an “ultimate software for tracking satellite [sic]” and were allegedly sent to members of a satellite-tracking website after the site had been hacked.
Agents pulled the registration information for the bait website and found that the hackers had tried to impersonate an employee of the commercial satellite imagery firm DigitalGlobe when creating the site in order to make the software downloads appear genuine.
One recipient of the poisoned emails noticed that code embedded in the fake satellite technology company’s website contained noteworthy strings of text. A download link for the malicious software contained a script that included the phrases “IraNiaN DarK CoderS TeaM” and “Israel Fucked by M.R.S.CO And Ali.Pci.”
That text, law enforcement officials believed, pointed to a well-known hacker collective, the Iranian Dark Coders Team, and one of its top members, who goes by the nickname MRSCO.
