US govt sanctions ten Iranians linked to ransomware attacks (Security News, September 2022)

The Treasury Department's Office of Foreign Assets Control announced sanctions today against ten individuals and two entities affiliated with Iran's Islamic Revolutionary Guard Corps for their involvement in ransomware attacks.
Throughout the last two years, these threat actors have been linked to ransomware incidents where they compromised networks belonging to organizations in the United States and worldwide.
The U.S. Department of the Treasury also sanctioned individuals linked to Net Peygard Samavat Company for working with the IRGC and Iran's Ministry of Intelligence and Security in 2019.
One year later, the U.S. Treasury sanctioned Rana Intelligence Computing Company and some of its employees for acting as a front company that coordinated cyber-attackers on behalf of MOIS. The U.S. State Department also offers $10 million for information on Mansour Ahmadi, Ahmad Khatibi Aghda, and Hossein Nikaeen Ravari, three of the sanctioned Iranians who were also charged by the Department of Justice today for their involvement in ransomware attacks against U.S. critical infrastructure orgs.
Secureworks said it successfully linked the Nemesis Kitten group to Iranian companies Najee Technology, Afkar System, and a third entity named Secnerd after taking advantage of several OPSEC mistakes made during a June 2022 ransomware incident.
Similar malicious activity linked to Cobalt Mirage was reported by Secureworks' Counter Threat Unit in May. Last week, Microsoft said the same threat group has been moonlighting "for personal or company-specific revenue generation" as a sub-group of the Iranian-backed Phosphorus cyber-espionage group.