US sanctions affiliates of Iran’s IRGC for ‘malicious’ cyber acts

Washington accuses individuals and firms of compromising networks based in the US and other nations since at least 2020.

Tensions between Tehran and Washington continue to simmer as the two nations struggle to find a way back to the 2015 nuclear deal [File: Lisi Niesner/Reuters]

The United States has imposed sanctions on 10 individuals and two entities that it says are linked to Iran’s Islamic Revolutionary Guard Corps (IRGC) and are involved in “malicious” cyber actions, including ransomware activity.

In a statement on Wednesday, the US Department of the Treasury accused the “group of Iran-based malicious cyber actors” of compromising networks based in the US and other nations since at least 2020.

“This IRGC-affiliated group is known to exploit software vulnerabilities in order to carry out their ransomware activities, as well as engage in unauthorized computer access, data exfiltration, and other malicious cyber activities,” the department said.

The sanctions come on the heels of economic measures imposed last week targeting Iran’s Ministry of Intelligence and Security over what the US called “malign cyber activities” as the two countries struggle to find a way back into the 2015 nuclear deal.

Those sanctions last Friday were in response to a July cyberattack that disrupted government websites in Albania, which Washington and Tirana blamed on Tehran. The Iranian government has denied any involvement.

The administration of US President Joe Biden also imposed penalties on several Iranian companies last week, accusing them of being involved in the production and transfer of drones to Russia for the war in Ukraine. Tehran has not commented on that allegation.

The US government has been piling sanctions on Iran since then-President Donald Trump withdrew from the nuclear deal in 2018.

The multilateral pact, formally known as the Joint Comprehensive Plan of Action (JCPOA), had seen Iran scale back its nuclear programme in exchange for a lifting of international sanctions against its economy. But efforts to return to the deal under Biden have stalled.

Wednesday’s sanctions block the targeted firms’ and individuals’ assets in the US and make it illegal for American citizens to do business with them.

The IRGC is a branch of the Iranian military that ultimately answers to Supreme Leader Ali Khamenei. It is responsible for the Iranian government’s covert foreign operations and military support for regional allies.

“Ransomware actors and other cybercriminals, regardless of their national origin or base of operations, have targeted businesses and critical infrastructure across the board—directly threatening the physical security and economy of the United States and other nations,” Treasury official Brian E Nelson said in the statement.

Reported ransomware payments in the US reached over $590m in 2021, compared to a total of $416m in 2020, the Treasury Department also said.

“In addition to the millions of dollars directly paid in ransoms and allocated to response and recovery, the disruption to critical sectors underscores the objectives of those who seek to weaponize technology for personal gain, disrupting our economy and damaging the companies, families, and individuals,” Wednesday’s statement read.

Source: Al Jazeera