The United States Wednesday slapped new sanctions on individuals and entities linked to Iran's Revolutionary Guards for Tehran's "malicious" cyber activities.
The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned ten individuals and two companies, Najee Technology and Afkar System, over their roles in conducting malicious cyber acts including ransomware activity, the Treasury said in a press release.The Treasury Department had also sanctioned Iran’s intelligence ministry for “cyber operations” against the US and its allies on Friday.
“We will continue to take coordination action with our global partners to combat and deter ransomware threats, including those associated with the IRGC,” said Brian E. Nelson, under secretary of the Treasury for terrorism and financial intelligence.
The United States and its European allies have intensified warnings over the activitiesof hackers and cyber-espionage threat actors believed to be sponsored by the Islamic Republic of Iran following reported Iranian cyber operations against Albania, a NATO member.
The Western warnings and US sanctions come as 18-month-long negotiations to revive the 2015 nuclear deal with Iran have hit a snag, with Tehran hardening its position.
Tirana cut diplomatic ties with Tehran due to a cyberattack in July that temporarily disrupted government websites and services.
The US Treasury Department on September 9 sanctioned Iran’s intelligence ministry for “cyber operations” against the US and its allies, a day after White House and NATO allies condemned the July attack which happened around the time of a conference of the exiled Iranian Albania-based opposition group Mujahideen-e Khalq (MEK).
Three alleged cyber criminals named by the US
In early August, cybersecurity firm Mandiant expressed “moderate confidence” the attackers were acting in support of Tehran’s efforts to disrupt the MEK conference, which had to be cancelled as well due to a terror threat.
Microsoft also announced Monday that it has been tracking hacking activities by an Iran-linked group, known as DEV-0343, that targeted US and Israeli defense and other key companies. ““DEV-0343 continues to evolve their techniques to refine its attacks,” the report said.
Iran’s foreign ministry Thursday rejected accusations about the alleged cyberattack. Relations between Tehran and Tirana have been tense since 2014, when Albania accepted some 3,000 members of the MEK.
Albania’s interior ministry on Saturday accused Tehran of another attack on its government computer systems on Friday that forced Tirana to temporarily take its Total Information Management System (TIMS) offline. Albanian Prime Minister Edi Rama said on Twitter the cyberattack was carried out by the “same aggressors” behind the July hack.
Hackers and cyber spies allegedly working for Iran have also been accused of targeting those specializing in Middle Eastern affairs or nuclear security including academics, policymakers, diplomats, journalists, as well as human rights activists who focus on Iran.
These threat actors have improved and polished their technics over the years. According to a Wednesday report by Security firm Proofpoint in mid-2022, the Iran-aligned threat actor known as TA453 deployed a new social engineering impersonation technique informally called ‘Multi-Persona Impersonation’ (MPI) by Proofpoint.
MPIis based on the psychology principle of social proof and involves using at least two personas on a single email thread to convince phishing targets of the legitimacy of the threat actor’s emails.
According to Proofpoint researchers, in a standard TA453 campaign, the threat actor masquerades as an individual such as a journalist working to collaborate with the intended target. TA453 has targeted academics, policymakers, diplomats, journalists, and human rights workers, they said.