Security News > 2022 > September > U.S. Charges 3 Iranian Hackers and Sanctions Several Others Over Ransomware Attacks
The U.S. Treasury Department's Office of Foreign Assets Control on Wednesday announced sweeping sanctions against ten individuals and two entities backed by Iran's Islamic Revolutionary Guard Corps for their involvement in ransomware attacks at least since October 2020.
What's more, independent analyses from the two cybersecurity firms as well as Google-owned Mandiant has revealed the group's connections to two companies Najee Technology and Afkar System, both of which have been subjected to U.S. sanctions.
While exact links between the two companies and IRGC remain unclear, the method of private Iranian firms acting as fronts or providing support for intelligence operations is well established over the years, including that of ITSecTeam, Mersad, Emennet Pasargad, and Rana Intelligence Computing Company.
Ahmad Khatibi Aghda is also part of the 10 individuals sanctioned by the U.S., alongside Mansour Ahmadi, the CEO of Najee Technology, and other employees of the two enterprises who are said to be complicit in targeting various networks globally by leveraging well-known security flaws to gain initial access to further follow-on attacks.
Coinciding with the sanctions, the Justice Department separately charged Ahmadi, Khatibi, and a third Iranian national named Amir Hossein Nickaein Ravari for engaging in a criminal extortion scheme to inflict damage and losses to victims located in the U.S., Israel, and Iran.
The development comes close on the heels of sanctions imposed by the U.S. against Iran's Ministry of Intelligence and Security and its Minister of Intelligence, Esmaeil Khatib, for engaging in cyber-enabled activities against the nation and its allies.
News URL
https://thehackernews.com/2022/09/us-charges-3-iranian-hackers-and.html
Related news
- North Korean govt hackers linked to Play ransomware attack (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Massive PSAUX ransomware attack targets 22,000 CyberPanel instances (source)
- North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack (source)
- North Korean hackers pave the way for Play ransomware (source)
- City of Columbus: Data of 500,000 stolen in July ransomware attack (source)
- Columbus, Ohio, confirms 500K people affected by Rhysida ransomware attack (source)
- Hackers increasingly use Winos4.0 post-exploitation kit in attacks (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)