Security News > 2022 > September > US govt sanctions ten Iranians linked to ransomware attacks
The Treasury Department's Office of Foreign Assets Control announced sanctions today against ten individuals and two entities affiliated with Iran's Islamic Revolutionary Guard Corps for their involvement in ransomware attacks.
Throughout the last two years, these threat actors have been linked to ransomware incidents where they compromised networks belonging to organizations in the United States and worldwide.
The U.S. Department of the Treasury also sanctioned individuals linked to Net Peygard Samavat Company for working with the IRGC and Iran's Ministry of Intelligence and Security in 2019.
One year later, the U.S. Treasury sanctioned Rana Intelligence Computing Company and some of its employees for acting as a front company that coordinated cyber-attackers on behalf of MOIS. The U.S. State Department also offers $10 million for information on Mansour Ahmadi, Ahmad Khatibi Aghda, and Hossein Nikaeen Ravari, three of the sanctioned Iranians who were also charged by the Department of Justice today for their involvement in ransomware attacks against U.S. critical infrastructure orgs.
Secureworks said it successfully linked the Nemesis Kitten group to Iranian companies Najee Technology, Afkar System, and a third entity named Secnerd after taking advantage of several OPSEC mistakes made during a June 2022 ransomware incident.
Similar malicious activity linked to Cobalt Mirage was reported by SecureWorks' Counter Threat Unit in May. "Last week, Microsoft said the same threat group has been moonlighting"for personal or company-specific revenue generation as a sub-group of the Iranian-backed Phosphorus cyber-espionage group.
News URL
Related news
- Iranian charged over attacks against US defense contractors, government agencies (source)
- Fidelity customers' financial info feared stolen in suspected ransomware attack (source)
- Fidelity customers' financial info feared stolen in suspected ransomware attack (source)
- Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries (source)
- Duvel says it has "more than enough" beer after ransomware attack (source)
- FBI: Critical infrastructure suffers spike in ransomware attacks (source)
- JetBrains TeamCity under attack by ransomware thugs after disclosure mess (source)
- Possible China link to Change Healthcare ransomware attack (source)
- Change Healthcare registers pulse after crippling ransomware attack (source)
- BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks (source)