The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has announced sanctions against six Iranian intelligence officials associated with the IRGC-CEC for their involvement in cyber attacks on critical infrastructure entities globally. Among the sanctioned individuals are prominent figures such as Reza Lashgarian, the head of IRGC-CEC, accused of engaging in various cyber and intelligence operations. The sanctions stem from cyber operations targeting programmable logic controllers, notably those manufactured by Unitronics, an Israeli company. The Municipal Water Authority of Aliquippa in Pennsylvania fell victim to such attacks in late November 2023, revealing the far-reaching impact of Iranian threat actors on essential infrastructure.
The Treasury Department highlights the sensitivity of industrial control devices, emphasizing the potential for unauthorized access to critical infrastructure systems to cause devastating humanitarian consequences. Although the specific operation did not disrupt critical services, the potential risks associated with such cyber attacks are underscored. The Iranian hacktivist persona known as Cyber Av3ngers is implicated in the Unitronics PLCs attack, having gained attention after destructive actions during the Israel-Hamas conflict. The group, active since 2020, has been linked to various cyber attacks globally, including incidents targeting Boston Children’s Hospital in 2021 and other entities in Europe and Israel.
Simultaneously, another pro-Iranian group, Homeland Justice, claimed responsibility for attacking Albania’s Institute of Statistics (INSTAT), asserting the theft of terabytes of data. Homeland Justice, known for psychological operations, has been targeting Albania since mid-July 2022, employing a wiper malware called No-Justice. This multifaceted threat landscape underscores the persistent and evolving nature of cyber threats originating from Iranian entities, prompting heightened concerns about the potential geopolitical and humanitarian consequences of such actions on a global scale.