The Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions on Wednesday against 10 individuals and two entities who are associated with Iran’s Islamic Revolutionary Guard Corps (IRGC) for their involvement in ransomware attacks.
Over the past two years, these threat actors have been linked to ransomware incidents where they compromised networks belonging to organizations in the United States and internationally.
“Several cybersecurity firms have determined these intrusion sets as being associated with the Government of Iran, and have identified them as having conducted a varied range of malicious cyber-enabled activities, including ransomware and cyber-espionage,” the Department of Treasury said in its press release on Wednesday.
“This group has launched extensive campaigns against organizations and officials across the globe, particularly targeting the U.S. and Middle Eastern defense, diplomatic, and government personnel, as well as private industries including media, energy, business services, and telecommunications,” the US Treasury added.
The IRGC-affiliated group is made up of employees and associates of Iran-based companies Najee Technology Hooshmand Fater LLC (Najee Technology) and Afkar System Yazd Company (Afkar System).
Previously, in 2019, the US Department of the Treasury sanctioned individuals linked to Net Peygard Samavat Company for working with the IRGC and Iran’s Ministry of Intelligence and Security (MOIS).
Then, in 2020, the US Treasury sanctioned Rana Intelligence Computing Company and some of its employees for acting as a front company to organize and coordinate cyber-attackers for the MOIS.
The US State Department also offered a $10 million reward for information regarding three of the sanctioned Iranians (Mansour Ahmadi, Ahmad Khatibi Aghda, and Hossein Nikaeen Ravari) who were also charged by the Department of Justice on Wednesday for being involved in ransomware attacks against US critical infrastructure organizations.
Finally, the cybercriminal group’s actions were described in further detail in a joint advisory issued earlier on Wednesday by cybersecurity agencies in the US, Canada, UK, and Australia.