The US Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions against six officials associated with Iran’s intelligence agency for attacking critical infrastructure entities in the US and other countries.
The officials include Hamid Reza Lashgarian, Mahdi Lashgarian, Hamid Homayunfal, Milad Mansuri, Mohammad Bagher Shirinkar and Reza Mohammad Amin Saberian, who are part of the Iranian Islamic Revolutionary Guard Corps’ Cyber-Electronic Command (IRGC-CEC).
Hamid Reza Lashgarian is also the head of the IRGC-CEC and a commander of the IRGC-Qods Force. He is alleged to have been involved in various IRGC cyber and intelligence operations.
The Treasury Department said it holds these individuals responsible for carrying out “cyber operations in which they hacked and posted images on the screens of programmable logic controllers manufactured by Unitronics, an Israeli company.”
In late November 2023, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed that the Aliquippa Municipal Water Authority in western Pennsylvania was targeted by Iranian criminals exploiting Unitronics PLCs.
The attack was attributed to Cyber Av3ngers, an Iranian hacking group that came to prominence in the aftermath of the conflict between Israel and Hamas, staging destructive attacks against entities in Israel and the United States.
The group, active since 2020, is also said to be behind numerous other cyberattacks, including one against Boston Children’s Hospital in 2021 and others in Europe and Israel.
“Industrial control devices, such as programmable logic controllers, used in water systems and other critical infrastructure, are sensitive targets,” the Treasury Department noted.
“While this particular operation did not disrupt any critical services, unauthorized access to critical infrastructure systems can enable actions that harm the public and cause devastating humanitarian consequences.”
The development comes as another pro-Iranian “psychological operational group” known as Homeland Justice said it attacked the Albanian Institute of Statistics (INSTAT) and stole terabytes of data.
Homeland Justice has a track record of targeting Albania since mid-July 2022, with the threat actor recently observed delivering wiper malware codenamed No-Justice.