Six Iranian government officials linked to cyber attacks face sanctions amidst rising concerns

In a significant move, the US Treasury Department’s Office of Foreign Assets Control (OFAC) has imposed sanctions on six Iranian officials connected to “malicious” cyber attacks targeting critical infrastructure organizations both in the UK and abroad.

The sanctioned individuals are part of the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC) and stand accused of hacking programmable logic controllers produced by Unitronics, an Israeli company.

Under Secretary of the Treasury for Terrorism and Financial Intelligence, Brian E. Nelson, expressed deep concern, stating, “The deliberate targeting of critical infrastructure by Iranian cyber actors is an unconscionable and dangerous act. The United States will not tolerate such actions and will use the full range of our tools and authorities to hold the perpetrators to account.”

While the cyber attacks did not disrupt critical services, the US Department of the Treasury emphasized that unauthorized access “can enable actions that harm the public and cause devastating humanitarian consequences.” The US responded swiftly, remediating the incident with minimal impacts.

The six individuals added to OFAC’s Specially Designated Nationals list include Hamid Homayunfal, Hamid Reza Lashgarian, Reza Mohammad Amin, Mahdi Lashgarian, Milad Mansuri, Reza Mohammad Amin Saberian, and Mohammad Bagher Shirinkar. Notably, Hamid Reza Lashgarian is the head of the IRGC-CEC and a commander in the IRGC-Qods Force, involved in various IRGC cyber and intelligence operations.

Despite the cyber attacks not causing major disruptions, the United States remains deeply concerned about the intentional targeting of critical systems. The statement cautioned that such cyber operations, which impair the use and operation of critical infrastructure, are destabilizing and potentially escalatory.

This incident is not the first time that Iranian cyber actors have targeted US infrastructure. In 2021, there were ransomware attacks and an attempted operation against Boston Children’s Hospital. Similar incidents were also recorded in other European countries and Israel, according to the US Treasury.

Sanctions have been imposed “pursuant to the counterterrorism authority Executive Order (E.O.) 13224” to prevent further incidents. As a result, all property and interests of the officials involved in the cyber attacks are now blocked and must be reported to OFAC. Persons or financial institutions engaging in transactions with the sanctioned officials could expose themselves to sanctions or face enforcement actions.

The US Treasury’s decisive action reflects the increasing global concern over state-sponsored cyber attacks targeting critical infrastructure, underlining the need for international cooperation to address these growing threats.