The Office of Foreign Assets Control (OFAC) of the United States Treasury Department has stated that sanctions will be imposed on six officials linked with the Iranian intelligence service for their involvement in attacks against vital infrastructure firms in the United States and foreign countries.
Among the officials are Hamid Reza Lashgarian, Mahdi Lashgarian, Hamid Homayunfal, Milad Mansuri, Mohammad Bagher Shirinkar, and Reza Mohammad Amin Saberian. All of these individuals are members of the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC).
Reza Lashgarian is not only a commander in the IRGC-Qods Force but also the leader of the IRGC-CEC. There are allegations that he participated in a variety of cyber and intelligence activities carried out by the IRGC.
The United States Department of the Treasury has stated that it is holding these individuals accountable for carrying out “cyber operations in which they hacked and posted images on the screens of programmable logic controllers manufactured by Unitronics, an Israeli company.”
In late November 2023, the United States Cybersecurity and Infrastructure Security Agency (CISA) disclosed that Iranian threat actors had exploited Unitronics PLCs to target the Municipal Water Authority of Aliquippa in western Pennsylvania.
It was determined that the attack was carried out by an Iranian hacktivist group known as Cyber Av3ngers. The group rose to prominence in the aftermath of the conflict between Israel and Hamas and was responsible for carrying out destructive strikes against entities in Israel and the United States.
The organisation, which has been operating since 2020, is also suspected of being responsible for a number of other cyber attacks, including one that targeted the Boston Children’s Hospital in 2021, as well as similar strikes in Europe and Israel.
“Industrial control devices, such as programmable logic controllers, used in water and other critical infrastructure systems, are sensitive targets,” according to a Treasury Department report.
“Although this particular operation did not disrupt any critical services, unauthorised access to critical infrastructure systems can enable actions that harm the public and cause devastating humanitarian consequences.”
At the same time, another pro-Iranian “psychological operation group” known as Homeland Justice has announced that it has targeted the Institute of Statistics (INSTAT) in Albania and claimed to have stolen terabytes of data.
There is evidence that Homeland Justice has been targeting Albania since mid-July 2022. The threat actor was most recently seen deploying wiper malware that was given the alias No-Justice.