The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) has imposed sanctions on six Iranian officials associated with the Iranian intelligence agency for their involvement in state-backed cyber intrusions targeting critical national infrastructure (CNI) in the United States and other countries.

Description

These officials [1] [4] [5] [6] [7], who are part of the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC) [1] [4] [6] [7], include the head of the cyber organization and a commander in the IRGC-Quds Force [5]. The US has identified the IRGC as responsible for a specific attack in December 2023 [6], in which they defaced images and posted a message against Israel. While this attack was quickly resolved, the potential humanitarian consequences of unauthorized access to critical infrastructure have been emphasized by OFAC [6].

The US Treasury Department strongly condemns these actions and is committed to holding the perpetrators accountable. The recent attacks had minimal impact [4], but the US remains concerned about the targeting of critical systems [4], viewing it as destabilizing and potentially escalatory [4]. The IRGC has a history of disruptive cyber attacks [4], and similar incidents are expected as the situation in the Middle East unfolds [4].

The water sector has been particularly vulnerable to cyber attacks from Russian, Iranian [1] [2] [3] [4] [6] [7], and Chinese actors [4], who perceive it as critical infrastructure [4]. As a result of the sanctions, the assets of the designated individuals in the US are now blocked, and transactions involving their property are prohibited [6]. Engaging in transactions with these sanctioned entities and individuals could lead to criminal prosecution [6].

The US is deeply concerned about the targeting of critical infrastructure systems and warns that cyber operations causing damage or impairment to these systems are destabilizing. Iranian cyber actors have previously targeted US critical infrastructure and have been responsible for similar malicious cyber activity in European countries and Israel [1]. The sanctions are being imposed under the counterterrorism authority Executive Order (EO) 13224 [1]. OFAC has designated the IRGC-CEC as the primary name for this group. The United States is sending a clear message that cyber operations targeting critical infrastructure will not be tolerated [2].

The US Cybersecurity & Infrastructure Security Agency (CISA) has identified America’s water systems as vulnerable to cyber attacks [5]. In the past year, a group affiliated with the IRGC targeted the Municipal Water Authority of Aliquippa in Pennsylvania [5], successfully disabling a water pressure monitor using a simple default password [5]. This incident highlights the vulnerability of US water systems [5]. Federal officials are concerned about the increasing frequency of these attacks and the exposure of vulnerabilities [5]. CISA warns that Iran [5], along with other countries like China [5], Russia [4] [5], and North Korea [5], continues to invest in cyber capabilities [5]. Furthermore, a pro-Iranian group called Homeland Justice has claimed responsibility for attacking Albania’s Institute of Statistics (INSTAT) and stealing terabytes of data [7]. This group has been targeting Albania since mid-July 2022 and recently deployed a wiper malware called No-Justice [7].

Conclusion

The US sanctions against Iranian officials involved in cyber intrusions targeting critical national infrastructure demonstrate the seriousness with which such actions are viewed. While the recent attacks had minimal impact [4], the potential humanitarian consequences of unauthorized access to critical infrastructure cannot be ignored [6]. The US remains concerned about the targeting of these systems [1] [4], considering it destabilizing and potentially escalatory [4]. The water sector [4] [6], in particular, has been vulnerable to cyber attacks [5], and the exposure of vulnerabilities in US water systems is a cause for concern. The US warns that cyber operations damaging or impairing critical infrastructure systems will not be tolerated. As the situation in the Middle East unfolds [4], similar incidents are expected [4], and it is crucial to continue investing in cybersecurity measures to mitigate future attacks.

References

[1] https://home.treasury.gov/news/press-releases/jy2072
[2] https://iranprimer.usip.org/blog/2024/feb/02/us-sanctions-iranian-officials-cyberattacks
[3] https://www.nbcnews.com/tech/security/iran-cyber-hack-unitronics-sanction-israel-rcna137012
[4] https://www.computerweekly.com/news/366568853/US-sanctions-Iranians-behind-CNI-cyber-attacks
[5] https://www.bbc.com/news/world-us-canada-68186945
[6] https://www.infosecurity-magazine.com/news/us-iran-sanctions-cyber-attacks/
[7] https://thehackernews.com/2024/02/us-sanctions-6-iranian-officials-for.html