The Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their role in cyberattacks against the U.S..
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) imposed sanctions on four Iranian nationals for their involvement in cyberattacks against the U.S. government, defense contractors, and private companies. OFAC has also sanctioned two front companies, Mehrsam Andisheh Saz Nik (MASN) and Dadeh Afzar Arman (DAA) linked to the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC).
The Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC) is an organization within the Iranian government responsible for cybersecurity and cyber warfare. It is considered a major threat by many countries, including the United States, due to its involvement in various malicious cyber activities.
The Iranian nationals were involved in attacks against more than a dozen U.S. companies and government entities. The individuals launched spear-phishing and malware attacks. The U.S. Department of Justice and the Federal Bureau of Investigation unsealed an indictment against the four individuals for their roles in these cyber operations.
“Iranian malicious cyber actors continue to target U.S. companies and government entities in a coordinated, multi-pronged campaign intended to destabilize our critical infrastructure and cause harm to our citizens,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson. “The United States will continue to leverage our whole-of-government approach to expose and disrupt these networks’ operations.”
Iranian cyber actors persist in targeting the United States through various malicious cyber activities, including ransomware attacks on critical infrastructure and spear phishing campaigns against individuals, companies, and government entities.
The four Iranian nationals are Hossein Harooni, Reza Kazemifar, Komeil Baradaran Salmani, and Alireza Shafie Nasab — are accused of participating in a malware operation using spear-phishing and other hacking techniques to harvest hundreds of thousands of corporate employee accounts.
Alireza Shafie Nasab and Reza Kazemifar Rahman targeted the U.S. entities while employed by MASN. Kazemifar was involved in the attacks against the Department of the Treasury. Hosein Mohammad Harooni targeted the Treasury Department and other U.S. entities using spear phishing and social engineering. Komeil Baradaran Salmani operated with several IRGC-CEC front companies and was involved in spear-phishing campaigns targeting various U.S. entities, including the Department of the Treasury.
“As a result of today’s action, all property and interests in property of the designated persons described above that are in the United States or in the possession or control of U.S. persons are blocked and must be reported to OFAC. In addition, any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked. Unless authorized by a general or specific license issued by OFAC, or exempt, OFAC’s regulations generally prohibit all transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of designated or otherwise blocked persons.” reads the announcement. “In addition, financial institutions and other persons that engage in certain transactions or activities with the sanctioned entities and individuals may expose themselves to sanctions or be subject to an enforcement action.”
The four men are still at large.
The Department of State also announced a $10 million reward for information leading to the arrest of the four Iranian nationals.
In February, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) imposed sanctions on six Iranian government officials associated with cyberattacks targeting critical infrastructure organizations in the US and abroad.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Iran)