In a bold response to escalating cyber threats, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has taken significant measures against Iranian cyber actors who have been targeting American companies and government agencies. Today, OFAC sanctioned two companies and four individuals for engaging in malicious cyber activities on behalf of the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC).
These sanctions come as a part of a coordinated effort with the U.S. Department of Justice and the Federal Bureau of Investigation, which also unveiled an indictment against the individuals involved in these cyber attacks. This multi-pronged approach underscores the U.S. government’s commitment to thwarting cyber threats and protecting national security.
A Pattern of Disruption
The designated actors have used sophisticated tactics such as spear phishing and malware to infiltrate more than a dozen U.S. entities, posing a significant threat to the country’s infrastructure and safety. These operations are part of a broader strategy by the IRGC-CEC to destabilize critical infrastructure, which could potentially have devastating humanitarian consequences.
Brian E. Nelson, Under Secretary of the Treasury for Terrorism and Financial Intelligence, emphasized the gravity of the situation. “Iranian malicious cyber actors continue to target U.S. companies and government entities in a coordinated campaign intended to destabilize our critical infrastructure and harm our citizens,” Nelson stated. He affirmed that the U.S. would persist in its “whole-of-government approach to expose and disrupt these networks’ operations.”
The IRGC-CEC Network
The IRGC-CEC, previously designated under various executive orders for its connections to the IRGC, operates through front companies to conduct its cyber operations. These companies, including Mehrsam Andisheh Saz Nik and Dadeh Afzar Arman, play pivotal roles in the IRGC-CEC’s cyber activities. Employees and management of these companies, often unaware of their involvement in state-sponsored cyber activities, are exploited to fulfill the IRGC’s objectives.
Sanctioned Entities and Individuals
The individuals and companies targeted in today’s sanctions include:
- Mehrsam Andisheh Saz Nik, identified as a front company supporting the IRGC-CEC’s cyber operations.
- Alireza Shafie Nasab and Reza Kazemifar Rahman, who were instrumental in operational testing of malware and spear phishing campaigns.
- Dadeh Afzar Arman and its employee, Hosein Mohammad Haruni, for their active roles in malicious cyber campaigns.
- Komeil Baradaran Salmani, linked with multiple IRGC-CEC front companies and spear phishing operations.
Implications of Sanctions
As a result of these sanctions, all properties and interests in property of the designated persons that are in the United States or in the control of U.S. persons are blocked and must be reported to OFAC. Additionally, U.S. persons are generally prohibited from engaging in transactions with the blocked persons unless authorized by OFAC.
These measures are part of a broader strategy to combat cyber threats and ensure national security. The Treasury’s action sends a clear message that the United States will not tolerate cyber attacks and will take all necessary steps to safeguard its interests and its people.