The Office of Foreign Assets Control of the United States Treasury Department has added 10 individuals, 2 entities, and a number of crypto addresses that are allegedly associated with an Iranian ransomware group to its list of Specially Designated Nationals. This effectively makes it illegal for individuals and businesses based in the United States to engage in business with any of these individuals or entities.
The U.S. Treasury stated in an announcement on Wednesday that the individuals and businesses in the ransomware group were associated with Iran’s Islamic Revolutionary Guard Corps, a military branch. The group is said to have “conducted a diverse range of malicious cyber-enabled activities,” such as compromising the systems of a children’s hospital in the United States in June 2021 and focusing on “U.S. and Middle Eastern diplomatic, government, and military personnel.”
As part of its secondary sanctions, OFAC listed seven Bitcoin addresses thought to be connected to Ahmad Khatibi Aghada and Amir Hossein Nikaeed Ravar, two Iranian nationals. The Treasury Department claims that Khatibi has been associated since 2007 with the technology and computer services company Afkar System, which is one of the two organizations designated in the same announcement. Nikaeed allegedly “leased and registered network infrastructure” to support the ransomware group, according to the government department.
According to Brian Nelson, undersecretary of the Treasury for Terrorism and Financial Intelligence, “Ransomware actors and other cybercriminals, regardless of their national origin or base of operations, have targeted businesses and critical infrastructure across the board — directly threatening the physical security and economy of the United States and other nations.” “To combat and prevent ransomware threats, we will continue to coordinate with our global partners.”
The notice came as the Justice Department announced an indictment against Khatibi, Nikaeed, and Mansour Ahmadi, also one of the people named in OFAC’s sanctions, for allegedly “orchestrating a scheme to hack into the computer networks” of American businesses and individuals, including the Treasury attacks. The Justice Department says that in February 2022, the Iranian ransomware group went after an accounting firm in New Jersey. In exchange for not selling the company’s data on the black market, Khatibi demanded $50,000 in cryptocurrency.
OFAC’s addition of more than 40 cryptocurrency addresses associated with the contentious mixer Tornado Cash to its list of Specially Designated Nationals on August 8 drew criticism from numerous industry and non-industry figures. On Tuesday, Treasury made it clear that U.S. individuals and organizations were not prohibited from sharing Tornado Cash’s code; however, they were required to have a special license in order to finish transactions that were started before the sanctions were imposed or to withdraw money.