US govt sanctions ten Iranians linked to ransomware attacks
The Treasury Department's Office of Foreign Assets Control announced sanctions today against ten individuals and two entities affiliated with Iran's Islamic Revolutionary Guard Corps for their involvement in ransomware attacks.
Throughout the last two years, these threat actors have been linked to ransomware incidents where they compromised networks belonging to organizations in the United States and worldwide.
The U.S. Department of the Treasury also sanctioned individuals linked to Net Peygard Samavat Company for working with the IRGC and Iran's Ministry of Intelligence and Security (MOIS) in 2019.
One year later, the U.S. Treasury sanctioned Rana Intelligence Computing Company and some of its employees for acting as a front company that coordinated cyber-attackers on behalf of MOIS. The U.S. State Department also offers $10 million for information on Mansour Ahmadi, Ahmad Khatibi Aghda, and Hossein Nikaeen Ravari, three of the sanctioned Iranians who were also charged by the Department of Justice today for their involvement in ransomware attacks against U.S. critical infrastructure organizations.
Secureworks said it successfully linked the Nemesis Kitten group to Iranian companies Najee Technology, Afkar System, and a third entity named Secnerd after taking advantage of several OPSEC mistakes made during a June 2022 ransomware incident.
Similar malicious activity linked to Cobalt Mirage was reported by Secureworks' Counter Threat Unit in May. Last week, Microsoft said the same threat group has been "moonlighting" for personal or company-specific revenue generation as a sub-group of the Iranian-backed Phosphorus cyber-espionage group.