Tuesday , December 24 2024

US sanctions Iranian companies for attempted cyber attack on behalf of Revolutionary Guard Corps

US Treasury Department Office of Foreign Assets Control(OFAC) Iranian Islamic Revolutionary Guard Corps The Cyber ​​Electronic Command (IRGC-CEC) has imposed sanctions on two corporate entities and four individuals involved in malicious cyber activities. These entities and individuals targeted more than a dozen US companies and government entities through various cyber operations, including spear phishing and malware attacks. Additionally, the US Department of Justice and the Federal Bureau of Investigation have opened charges against four individuals for their roles in cyber campaigns targeting US entities.

Terrorism and Financial Intelligence Department US Under Secretary of State Brian E. Nelson highlighted ongoing efforts by Iranian cyber actors to target US interests with the goal of weakening critical infrastructure and harming US citizens. The United States remains dedicated to using an omnichannel strategy across government sectors to uncover and disrupt the activities of these malicious networks.

Iranian cyber criminals The United States continues to be targeted with a wide range of hostile cyber attacks, from spear phishing and social engineering efforts against private citizens and government agencies to ransomware attacks on critical infrastructure. One of the main organizers of Iranian government-sponsored cyber operations, the IRGC-CEC uses a network of key companies to fund its operations both inside and outside the United States. Although the management and key activists of these leading companies are aware of their support for the IRGC-CEC, the Iranian public is still largely unaware of the actual ties to these organizations and the illicit ways the IRGC-CEC uses them. .

Amended Executive Order (EO) 13224, which establishes counterterrorism powers, is followed in carrying out the current enforcement action. Specifically, the IRGC-CEC was recognized pursuant to EO 13606 on January 12, 2018, as it was affiliated with the IRGC, which was designated pursuant to EO 13224 on October 13, 2017. Six IRGC-CEC officials were named earlier. by OFAC in February 2024 in response to recent cyber actions. Unauthorized access to key infrastructure systems poses serious threats, potentially negatively impacting public welfare and humanitarian issues, even if these actions do not harm critical services.

The IRGC-CEC has identified key companies, including Mehrsam Andisheh Saz Nik (MASN), formerly known as Mehak Rayyan Afzar, as facilitators of hostile cyber activity. Two former MASN members, Alireza Shafi Nasab and Reza Kazemifar Rahman, have been linked to cyber attacks on US organizations. On behalf of the IRGC-CEC, another front company, Dadeh Afzar Arman (DAA), has also conducted malicious cyber campaigns. The DAA employs people such as Hossein Mohammed Harouni and Komil Baradaran Salmani, who have been linked to spear phishing campaigns that have targeted US organizations such as the Treasury Department.

All assets and interests owned by designated businesses and individuals that are located in the US or owned by US citizens are restricted in response to these measures and are required to be reported to OFAC. Furthermore, blocking also applies to entities that are directly or indirectly, singly or collectively, owned by one or more blocked persons. Unless approved by OFAC, transactions involving property or interests in property of designated or otherwise prohibited persons are often prohibited.

Financial institutions and other organizations risk facing penalties or legal action if they transact or interact with sanctioned individuals and companies. These restrictions include giving money, products or services to or for the benefit of specific individuals, as well as accepting donations or gifts from such organizations.

Penalties imposed by OFAC are based on its designation power as well as its readiness to remove individuals from the sanctions list in compliance with applicable laws. The main goal of punishment is to promote constructive behavior change rather than to have a punitive effect. See OFAC's FAQs and comprehensive removal process instructions for information on how to request removal from any OFAC list, including the Specially Designated Nationals and Blocked Persons lists (SDN lists).