U.S. Sanctions 6 Iranian Officials for Critical Infrastructure Cyber Attacks

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) imposed sanctions against six officials associated with the Iranian intelligence service for assaulting critical infrastructure entities in the U.S. and other countries.

The officials include Hamid Reza Lashgarian, Mahdi Lashgarian, Hamid Homayunfal, Milad Mansuri, Mohammad Bagher Shirinkar, and Reza Mohammad Amin Saberian, who are part of the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC).

Reza Lashgarian is also the chief of the IRGC-CEC and a commander in the IRGC-Qods Force. He is alleged to have been involved in several IRGC cyber and intelligence operations.

The Treasury Department says it's holding these individuals responsible for carrying out "cyber operations in which they hacked and posted images on the screens of programmable logic controllers manufactured by Unitronics, an Israeli company."

In late November 2023, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that the Municipal Water Authority of Aliquippa in western Pennsylvania was targeted by Iranian threat actors via compromising Unitronics PLCs.

The attack was ascribed to an Iranian hacktivist persona dubbed Cyber Av3ngers, which rose to the forefront in the aftermath of the Israel-Hamas conflict, staging devastating strikes against entities in Israel and the U.S.

The organization, which has been operating since 2020, is also alleged to be behind several other cyber attacks, including one targeting Boston Children's Hospital in 2021 and others in Europe and Israel.

"Industrial control devices, such as programmable logic controllers, used in water and other critical infrastructure systems, are sensitive targets," the Treasury Department stated.

"Although this particular operation did not disrupt any critical services, unauthorized access to critical infrastructure systems can enable actions that harm the public and cause devastating humanitarian consequences."

The development comes as another pro-Iranian "psychological operation group" called as Homeland Justice stated it attacked Albania's Institute of Statistics (INSTAT) and claimed to have taken terabytes of data.

Homeland Justice has a track record of targeting Albania since mid-July 2022, with the threat actor most recently spotted distributing a wiper virus nicknamed No-Justice.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive material we provide.