Six Iranian intelligence service officials were sanctioned by the Office of Foreign Assets Control (OFAC) of the U.S. Treasury Department for cyberattacks on critical infrastructure facilities in the United States and other nations.
Members of the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC) include Hamid Reza Lashgarian, Mahdi Lashgarian, Hamid Homayunfal, Milad Mansuri, Mohammad Bagher Shirinkar, and Reza Mohammad Amin Saberian.
Reza Lashgarian is a commander in the IRGC-Qods Force and the chairman of the IRGC-CEC. He is said to have taken part in a number of intelligence and cyber operations run by the IRGC.
These people, according to the Treasury Department, are being held accountable for “cyber operations in which they hacked and posted images on the screens of programmable logic controllers manufactured by Unitronics, an Israeli company.”
According to information released by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in late November 2023, Iranian threat actors targeted the Municipal Water Authority of Aliquippa in western Pennsylvania by exploiting Unitronics PLCs.
The attack was attributed to an Iranian hacktivist group known as Cyber Av3ngers, which rose to prominence following the Israel-Hamas conflict by carrying out damaging operations against American and Israeli targets.
Active since 2020, the group is also suspected of being responsible for multiple additional cyberattacks, including one in 2021 that targeted Boston Children’s Hospital and others in Israel and Europe.
“Industrial control devices, such as programmable logic controllers, used in water and other critical infrastructure systems, are sensitive targets,” warned the Treasury Department.
“Although this particular operation did not disrupt any critical services, unauthorized access to critical infrastructure systems can enable actions that harm the public and cause devastating humanitarian consequences.”
This comes after the Institute of Statistics (INSTAT) in Albania was attacked by a pro-Iranian “psychological operation group” called Homeland Justice, which claimed to have taken terabytes of data.
Since mid-July 2022, Homeland Justice has been targeting Albania; the threat actor was most recently seen distributing wiper malware under the alias No-Justice.