Priya PatelTLDR:
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has imposed sanctions on six individuals associated with the Iranian intelligence agency for their involvement in cyber attacks on critical infrastructure entities. The officials are part of the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC) and have been held responsible for carrying out cyber operations, including hacking programmable logic controllers manufactured by Unitronics, an Israeli company. The attack on the Municipal Water Authority of Aliquippa in Pennsylvania in late November 2023 was attributed to an Iranian hacktivist persona called Cyber Av3ngers, who is associated with the IRGC-CEC. The Treasury Department highlights the potential harm and the devastating consequences of unauthorized access to critical infrastructure systems.
Key elements:
- The U.S. Treasury Department has sanctioned six Iranian officials associated with the Iranian intelligence agency for cyber attacks on critical infrastructure entities.
- The officials are part of the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC).
- They have been held responsible for hacking programmable logic controllers manufactured by Unitronics, an Israeli company.
- In November 2023, Iranian threat actors targeted the Municipal Water Authority of Aliquippa in Pennsylvania by exploiting Unitronics PLCs.
- The attack was attributed to an Iranian hacktivist called Cyber Av3ngers, who is associated with the IRGC-CEC.
- The Treasury Department emphasizes the sensitivity of industrial control devices and the potential harm of unauthorized access to critical infrastructure systems.
- Another pro-Iranian group known as Homeland Justice claimed to have attacked Albania’s Institute of Statistics (INSTAT) and stolen terabytes of data.
Full Article
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has imposed sanctions on six officials associated with the Iranian intelligence agency for their involvement in cyber attacks on critical infrastructure entities in the U.S. and other countries. The officials, who are part of the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC), have been accused of carrying out cyber operations that involved hacking programmable logic controllers (PLCs) manufactured by Unitronics, an Israeli company. The individuals targeted by the sanctions include Hamid Reza Lashgarian, Mahdi Lashgarian, Hamid Homayunfal, Milad Mansuri, Mohammad Bagher Shirinkar, and Reza Mohammad Amin Saberian. Reza Lashgarian, in particular, is the head of the IRGC-CEC and a commander in the IRGC-Qods Force, and he is alleged to have been involved in various cyber and intelligence operations carried out by the IRGC. The U.S. Treasury Department’s decision to sanction these individuals follows the disclosure by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) that the Municipal Water Authority of Aliquippa in Pennsylvania was targeted by Iranian hackers who exploited Unitronics PLCs to gain unauthorized access to the system in late November 2023. The attack was attributed to an Iranian hacktivist persona called Cyber Av3ngers, which emerged during the Israel-Hamas conflict and has since conducted destructive cyber attacks against both Israeli and U.S. entities. The group behind Cyber Av3ngers has been active since 2020 and is also believed to be responsible for other cyber attacks, including one targeting Boston Children’s Hospital in 2021.
In a statement, the U.S. Treasury Department emphasized the sensitivity of industrial control devices, such as PLCs, used in critical infrastructure systems like water treatment plants. While the specific attack on the Municipal Water Authority of Aliquippa did not disrupt any critical services, the unauthorized access to critical infrastructure systems can have severe consequences and cause harm to the public. The Treasury Department also stressed that the sanctions imposed on the Iranian officials demonstrate the U.S. government’s commitment to holding individuals accountable for their cyber attacks on critical infrastructure. In addition to the sanctions on the Iranian officials, another pro-Iranian group known as Homeland Justice claimed responsibility for attacking the Institute of Statistics (INSTAT) in Albania and stealing terabytes of data. This group has a history of targeting Albania since mid-July 2022 and has recently been observed delivering a wiper malware called No-Justice. The U.S. government’s sanctions and the continued cyber activities by pro-Iranian groups highlight the ongoing threat posed by Iranian hackers to critical infrastructure and other targets.
