US govt sanctions ten Iranians linked to ransomware attacks
The Treasury Department's Office of Foreign Assets Control announced sanctions today against ten individuals and two entities affiliated with Iran's Islamic Revolutionary Guard Corps for their involvement in ransomware attacks.
Throughout the last two years, these threat actors have been linked to ransomware incidents where they compromised networks belonging to organizations in the United States and worldwide.
The U.S. Department of the Treasury also sanctioned individuals linked to Net Peygard Samavat Company for working with the IRGC and Iran's Ministry of Intelligence and Security in 2019.
One year later, the U.S. Treasury sanctioned Rana Intelligence Computing Company and some of its employees for acting as a front company that coordinated cyber-attackers on behalf of MOIS. The U.S. State Department also offers $10 million for information on Mansour Ahmadi, Ahmad Khatibi Aghda, and Hossein Nikaeen Ravari, three of the sanctioned Iranians who were also charged by the Department of Justice today for their involvement in ransomware attacks against U.S. critical infrastructure orgs.
Secureworks said it successfully linked the Nemesis Kitten group to Iranian companies Najee Technology, Afkar System, and a third entity named Secnerd after taking advantage of several OPSEC mistakes made during a June 2022 ransomware incident.
Similar malicious activity linked to Cobalt Mirage was reported by Secureworks' Counter Threat Unit in May. Last week, Microsoft said the same threat group has been "moonlighting" for personal or company-specific revenue generation as a sub-group of the Iranian-backed Phosphorus cyber-espionage group.