US govt sanctions Iranians linked to government cyberattacks

The Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned four Iranian nationals for their involvement in cyberattacks against the U.S. government, defense contractors, and private companies.

OFAC also announced sanctions against two front companies—Mehrsam Andisheh Saz Nik (MASN), formerly Mahak Rayan Afzar, and Dadeh Afzar Arman (DAA)—for the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC), an Iranian Armed Forces service that coordinates the country's cyber warfare campaigns.

Two of the sanctioned cybercriminals, Alireza Shafie Nasab and Reza Kazemifar Rahman targeted U.S. organizations while employed by MASN. Kazemifar also attacked the Department of the Treasury in spear phishing campaigns.

A third sanctioned Iranian, Hosein Mohammad Harooni, targeted the Treasury Department and other U.S. entities using spear phishing and various social engineering operations.

Komeil Baradaran Salmani, the fourth Iranian sanctioned, was linked to attacks against U.S. orgs coordinated by MASN, DAA, and other IRGC-CEC front companies and IRGC services like the Iranian Organization for Electronic Warfare and Cyber Defense (EWCD).

Although the Iranian threat actors are still at large, today's sanctions have frozen all U.S.-based assets and interests tied to designated individuals and entities.

Entities at least 50% owned by blocked persons are also subject to freeze, and transactions involving their assets are prohibited without OFAC authorization, while financial institutions and other organizations dealing with sanctioned individuals and companies also risk exposure to sanctions or enforcement actions.

The State Department is also offering rewards of up to $10 million for information on Kazemifar, Salmani, and Harooni, as well as the MASN and DAA IRGC-CEC front companies.

Rewards for Justice poster (State Department)