US Treasury Sanctions Iranian Minister Over Hacking of Govt and Allies

    The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) has issued sanctions against Iran’s Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence for allegedly engaging in cyber-enabled activities against the US and its allies.

    According to a press release on the OFAC website, the MOIS and its cyber actor proxies have conducted malicious cyber operations targeting several government and private-sector organizations worldwide since as early as 2007.

    “Today’s action is being taken pursuant to Executive Order (EO) 13694, as amended, which targets those who engage in malicious cyber activities,” reads the advisory.

    “MOIS was previously designated pursuant to Executive Orders 13224, 13472, and 13553 for its support to multiple terrorist groups and for being responsible for, or complicit in, the commission of serious human rights abuses against the Iranian people.”

    Additionally, under Esmail Khatib’s leadership, the MOIS has allegedly directed several networks of cyber threat actors involved in cyber-espionage and ransomware attacks in support of Iran’s political goals.

    These include the MuddyWater ransomware operations against Turkish government entities in November 2021, APT39’s widespread theft of personally identifiable information (PII) in 2020 and, more recently, the cyber activity that affected Albanian government websites.

    “Iran’s cyber-attack against Albania disregards norms of responsible peacetime State behavior in cyberspace, which includes a norm on refraining from damaging critical infrastructure that provides services to the public,” said the undersecretary of the treasury for terrorism and financial intelligence, Brian E. Nelson.

    “We will not tolerate Iran’s increasingly aggressive cyber activities targeting the United States or our allies and partners.”

    The sanctions come weeks after Microsoft released details of alleged hacking campaigns linked to MuddyWater exploiting Log4j 2 vulnerabilities in SysAid applications to target organizations in Israel.

    In adjacent news, OFAC also issued sanctions against virtual currency mixer Tornado Cash last month for connections between the company and North Korean state-sponsored hacking group Lazarus.