U.S. Sanctions on Iranian Hackers Highlight Growing Concern About the Islamic Republic’s Cyberwarriors

By Vasileios Karagiannopoulos and Iain Reid

Published 1 May 2024

A feature of the simmering tensions between the US, Israel and Iran has been not just the tit-for-tat missile and drone strikes and assassinations, but accusations of cyberwarfare waged by Iran.

On April 23, the US Treasury announced it was sanctioning two Iranian companies and four Iranian individuals for conducting malicious cyberattacks against more than a dozen US companies and government organizations. The Treasury alleged that these organizations and individuals had conducted spear phishing, malware and ransomware attacks, which it said aimed to destabilize important national infrastructure in the US.

This followed an announcement in February that it was sanctioning a group of Iranian hackers linked to the country’s military for what it described as “unconscionable and dangerous” attacks on water and wastewater systems in the US.

Identifying the people behind these attacks can often be challenging. But the US is claiming the hacks are perpetrated by “front companies” and hackers operating for Iran’s Islamic Revolutionary Guard Corps Cyber Electronic Command (IRG-CEC).

The main sanctioned company, Mehrsam Andisheh Saz Nik (MASN), is identified as regularly launching what is known in the cyber world as advanced persistent threat (APT) attacks.

APTs are long-term attacks on high-value targets such as large companies and government organizations.

MASN was linked in 2019 by cybersecurity giant Symantec (now Gen Digital Inc) with a group it called Tortoiseshell. Symantec said Tortoiseshell had been active in the Middle East since at least July 2018. It was linked with cyberattacks against Saudi Arabian IT providers and Israeli shipping, logistics and financial services companies.

Much less is known about the actions of the second sanctioned company, Dadeh Afzar Arman. But from information available online, it claims to be a software and web development company based in Tehran.

Alongside the sanctions, the US government is offering a reward of US$10 million (£8 million) and a “plane ticket to somewhere new” to anyone with more information about the hackers in question.

The recent announcement follows a wider pattern of the US naming and shaming cybercrime groups it has identified and linked to rogue activity.

By publicly naming these groups, in this instance, the US says it wants to inform the Iranian public that the IRG-CEC is using these companies to launch illegal cyberattacks against international targets. But efforts by the US government to deter state-backed hackers working for governments including Iran, China and Russia have yet to bear fruit.

To date, no such suspects have ever been apprehended to stand trial in the US.