US govt sanctions ten Iranians linked to ransomware attacks

The Treasury Department's Office of Foreign Assets Control announced sanctions today against ten individuals and two entities affiliated with Iran's Islamic Revolutionary Guard Corps for their involvement in ransomware attacks.
Throughout the last two years, these threat actors have been linked to ransomware incidents where they compromised networks belonging to organizations in the United States and worldwide.
The U.S. Department of the Treasury also sanctioned individuals linked to Net Peygard Samavat Company for working with the IRGC and Iran's Ministry of Intelligence and Security in 2019.
One year later, the U.S. Treasury sanctioned Rana Intelligence Computing Company and some of its employees for acting as a front company that coordinated cyber-attackers on behalf of MOIS. The U.S. State Department also offers $10 million for information on Mansour Ahmadi, Ahmad Khatibi Aghda, and Hossein Nikaeen Ravari, three of the sanctioned Iranians who were also charged by the Department of Justice today for their involvement in ransomware attacks against U.S. critical infrastructure orgs.
Secureworks said it successfully linked the Nemesis Kitten group to Iranian companies Najee Technology, Afkar System, and a third entity named Secnerd after taking advantage of several OPSEC mistakes made during a June 2022 ransomware incident.
Similar malicious activity linked to Cobalt Mirage was reported by Secureworks' Counter Threat Unit in May. Last week, Microsoft said the same threat group has been moonlighting "for personal or company-specific revenue generation" as a sub-group of the Iranian-backed Phosphorus cyber-espionage group.