Friday , 24 March 2023

US sanctions group of Iran-linked ‘malicious’ cyber actors

Al-Monitor – The United States on Wednesday announced sanctions on 10 individuals and two companies affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC) accused of conducting “malicious” cyber acts, including ransomware activity. 

“Today’s actions demonstrate our commitment to disrupting ransomware infrastructure and actors,” Secretary of State Antony Blinken said in a statement. “The United States will not tolerate malicious cyber activities victimizing the backbone of the US economy and critical infrastructure.”

These designations were part of a joint action with the Justice Department, Treasury Department, FBI, USCYBERCOM, the National Security Agency, and the Cybersecurity and Infrastructure Security Agency.

The latest designations mark the third time this month that the administration has imposed non-nuclear related sanctions on Iranian individuals and entities, and come as the talks to revive the nuclear deal known as the Joint Comprehensive Plan of Action have reached an impasse. 

Last week, the administration slapped economic sanctions on Iran’s Ministry of Intelligence and Security and the country’s intelligence minister, Esmail Khatib, over an apparent cyberattack that Iran conducted on Albania in July. Separately, the administration imposed sanctions on Iranian firms over the production and shipment of military drones used by Russia and the IRGC. 

That two of the three recent rounds of sanctions targeted Tehran in cyberspace is “a sign of both Iran’s evolving use of this domain and Washington’s desire to counter it,” said Behnam Ben Taleblu, a senior fellow at the Foundation for Defense of Democracies. 

“The latest sanctions package represents an interagency effort that is commendable, but follow-through is needed to curb Iran’s use of contractors and cutouts to engage in ransomware, cyber-espionage, hacking and exfiltration,” Taleblu said. 

In a coordination action on Wednesday, the Justice Department announced charges against three Iranian nationals for their alleged role in a computer hacking scheme targeting victims in the United States and around the world. 

According to the unsealed indictment, Mansour Ahmadi, Ahmad Khatibi and Amir Hossein Nikaein targeted a range of organizations that included a domestic violence shelter in Pennsylvania, an electric utility company in Indiana and an accounting firm in Illinois.

The indictment does not say that the three men were acting on behalf of the Iranian government; however, the Treasury Department’s sanctions announcement describes the men as IRGC-affiliated employees. 

“The government of Iran has created a safe haven where cyber criminals acting for personal gain flourish and defendants like these are able to hack and extort victims, including critical infrastructure providers,” said Matthew Olsen, the head of the Justice Department’s national security division. 

“This indictment makes clear that even other Iranians are less safe because their own government fails to follow international norms and stop Iranian cyber criminals,” Olsen said in a statement.

Also on Wednesday, the State Department’s Reward for Justice program announced up to $10 million for information on individuals who on behalf of a foreign government have participated in malicious cyber activities against US critical infrastructure.