The US Treasury Department’s Office of Foreign Assets Control has added 10 individuals, 2 entities, and several crypto addresses allegedly linked to an Iranian ransomware group to its list of Specially Designated Nationals, effectively making it illegal for US individuals and companies to get in touch with them.
In an announcement Wednesday, the US Treasury Department said the individuals and companies in the ransomware group were affiliated with Iran’s Islamic Revolutionary Guard Corps, a branch of the country’s military. The group allegedly carried out “a diverse array of malicious cyber activities”, including compromising the systems of a US-based children’s hospital in June 2021 and targeting “US and Middle East defense, diplomatic and government personnel.”
OFAC has listed 7 Bitcoin (BTC) addresses allegedly connected to 2 Iranian nationals – Ahmad Khatibi Aghada and Amir Hossein Nikaeed Ravar – as part of its secondary sanctions. According to Treasury, Khatibi has been associated with technology and computer services company Afkar System — one of two entities sanctioned in the same announcement — since 2007. The government department claimed that Nikaeed had “rented and registered network infrastructure” to help the ransomware group.
“Ransomware actors and other cybercriminals, regardless of national origin or location, have been targeting businesses and critical infrastructure across the board – a direct threat to the physical security and economy of the United States and other countries,” said Brian Nelson, Undersecretary of the Treasury for Terrorism and Financial Intelligence. “We will continue to coordinate actions with our global partners to combat and deter ransomware threats.”
In a coordinated action within the US government, OFAC has identified a dozen Iran-based individuals for their roles in malicious cybercrime, including ransomware activity. The US, Australia, Canada and the UK also published a joint cybersecurity advisory. https://t.co/OVnr3jprBA
— Treasury Department (@USTreasury) September 14, 2022
The news came as the Justice Department announced charges against Khatibi, Nikaeed and Mansour Ahmadi — also among those named in OFAC’s sanctions — for allegedly “orchestrating a plan to hack into the computer networks” of entities and individuals in the United States, including the attacks cited by Treasury. According to the Justice Department, the Iranian ransomware group targeted a New Jersey-based accounting firm in February 2022, with Khatibi demanding $50,000 worth of cryptocurrency in exchange for not selling the company’s data on the black market.
On August 8, OFAC added more than 40 cryptocurrency addresses associated with the controversial mixer Tornado Cash to the list of Specially Designated Nationals, provoking criticism from many figures in and out of the space. Treasury clarified on Tuesday that U.S. individuals and entities were not prohibited from sharing Tornado Cash’s code, but would need a special license to complete transactions initiated before the sanctions were imposed or to withdraw funds.