The US Treasury Department’s Office of Foreign Assets Control (OFAC) on Monday sanctioned two companies and four individuals for their involvement in malicious cyber activities on behalf of the Iranian Islamic Revolutionary Guard Corps’ (IRGC) Cyber Electronic Command (IRGC-CEC) from at least 2016 to April 2021.
This includes front companies Mehrsam Andisheh Saz Nik (MASN) and Dadeh Afzar Arman (DAA), as well as Iranian nationals Alireza Shafie Nasab, Reza Kazemifar Rahman, Hossein Mohammad Harooni and Komeil Baradaran Salmani.
“These actors targeted more than a dozen U.S. businesses and government entities through cyber operations, including spear phishing and malware attacks,” the Treasury Department said.
In conjunction with the sanctions, the U.S. Department of Justice (DoJ) unsealed an indictment against the four individuals for orchestrating cyberattacks against the U.S. government and private entities.
Furthermore, a reward of up to 10 million dollars was announced as part of the U.S. State Department’s Rewards for Justice program for information leading to the identification or location of the group and defendants.
It is worth noting that Nasab, who worked for MASN, was charged in a previous indictment made public on February 29, 2024. The defendants remain at large.
Rahman, also employed by MASN, is alleged to have worked on testing malware intended to target job seekers, with a particular focus on military veterans. He also allegedly worked for Iran’s Electronic Warfare and Cyber Defense Organization (EWCD), a component of the IRGC, from approximately 2014 to 2020.
MASN (formerly Mahak Rayan Afraz and Dehkadeh Telecommunication and Security Company) is monitored by the cybersecurity community under the name Tortoiseshell and is one of many contracting companies that serve as fronts for malicious campaigns orchestrated by the IRGC. It was liquidated in June 2023.
The US Treasury Department said the second sanctioned company also “engaged in malicious cyber campaigns on behalf of the IRGC-CEC”, noting that Harooni was employed by DAA and carried out spear-phishing and social engineering attacks against US organizations.
Salmani is said to be associated with several IRGC-CEC front companies, including MASN, and involved in spear-phishing campaigns against US entities. Nasab, Harooni and Salmani were also responsible for acquiring and maintaining online network infrastructure used to facilitate the intrusions, the DoJ said.
Overall, in the coordinated, multi-year hacking wave, the defendants primarily targeted private sector defense contractors and other government entities, ultimately compromising more than 200,000 employee accounts.
Each of the defendants was charged with conspiracy to commit computer fraud, conspiracy to commit wire fraud and wire fraud. If convicted, they face up to five years in prison for conspiracy to commit wire fraud and up to 20 years in prison for each count of wire fraud and conspiracy to commit wire fraud.
Additionally, Harooni was charged with knowingly damaging a protected computer, which carries a maximum sentence of 10 years in prison. Nasab, Harooni and Salmani were also charged with aggravated identity theft, which carries a mandatory prison sentence of two consecutive years.
“Criminal activity emanating from Iran poses a grave threat to America’s national security and economic stability,” Attorney General Merrick B. Garland said in a statement.
“These defendants are alleged to be engaged in a coordinated, multi-year hacking campaign by Iran that targeted more than a dozen American companies, the U.S. Departments of the Treasury and State.”
The development comes amid geopolitical tensions in the Middle East after an Israeli airstrike bombed the Iranian embassy in Syria, prompting the latter to launch a drone and missile attack on Israel, which, in turn, brought an Israeli missile attack hitting an air defense radar system near Isfahan.