The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions against six Iranian intelligence officials responsible for attacks on critical infrastructure facilities in the United States and other countries.
These officials included Hamid Reza Rashgarian, Mahdi Rashgarian, Hamid Homayounpal, Milad Mansouri, Mohammad Bagher Shirinkar, and Reza Mohammad Amin Saberian from Iran’s Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC). .
Reza Lashgarian is the head of the IRGC-CEC and also the commander of the IRGC-Qods Force. He was reportedly involved in various IRGC cyber and intelligence operations.
The Treasury Department said the individuals were responsible for carrying out “a cyber operation that hacked and posted images on the screens of programmable logic controllers manufactured by the Israeli company Unitronics.”
In late November 2023, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) disclosed that the Aliquippa City Water Authority in western Pennsylvania was targeted by Iranian threat actors through the abuse of Unitronics PLC.
The attack has been attributed to an Iranian hacktivist persona called Cyber Av3ngers. Cyber Av3ngers emerged on the front lines following the Israel-Hamas conflict, carrying out devastating attacks on Israeli and American institutions.
The group, which has been active since 2020, is also reportedly behind several other cyberattacks, including one targeting Boston Children’s Hospital in 2021 and attacks targeting Europe and Israel.
“Industrial control devices, such as programmable logic controllers used in water and other critical infrastructure systems, are sensitive targets,” the Treasury Department noted.
“While this particular operation did not disrupt critical services, unauthorized access to critical infrastructure systems could cause harm to the public and have devastating humanitarian consequences.”
The development comes as another pro-Iranian ‘psychological operations group’ known as Homeland Justice attacked Albania’s National Statistical Institute (INSTAT) and claimed to have stolen terabytes of data.
Homeland Justice has a track record of targeting Albania since mid-July 2022, most recently the threat actor was observed delivering wiper malware codenamed No-Justice.
