The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions against six officials linked to Iran’s intelligence services for attacks on critical infrastructure entities in the United States and other countries.
These officials include Hamid Reza Lashgarian, Mahdi Lashgarian, Hamid Homayunfal, Milad Man Milad Mansuri, Mohammad Bagher Shirinkar and Reza Mohammad Amin Saberian, who are affiliated with Iran’s Islamic Revolutionary Guard Corps Cyber Electronics Command (IRGC-CEC).
Reza Lashgarian is also the head of the IRGC-CEC and the commander of the IRGC-Qods unit. He is alleged to have participated in various IRGC cyber and intelligence operations.
The U.S. Treasury Department said it had held the individuals responsible for “cyber operations in which they hacked into and posted images to the screens of programmable logic controllers made by the Israeli company Unitronics.”
In late November 2023, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed that the Aliquippa Municipal Water Department in western Pennsylvania was targeted by Iranian threat actors using Unitronics PLC.
The attack was carried out by an Iranian hacktivist group known as the Cyber Avengers, a group that has been at the forefront of Israel’s conflict with Hamas, launching destructive campaigns against Israeli and U.S. entities. attack
The group has been active since 2020 and is alleged to have masterminded several other cyberattacks, including one against Boston Children’s Hospital in 2021 and others in Europe and Israel.
“Industrial control equipment, such as programmable logic controllers, used in water and other critical infrastructure systems are sensitive targets,” the U.S. Treasury Department noted.
“While this particular operation did not disrupt any critical services, unauthorized access to critical infrastructure systems could lead to actions that harm the public and have devastating humanitarian consequences.”
Meanwhile, Homeland Justice, another pro-Iran “psychological action group,” said it attacked the Albanian Institute of Statistics (INSTAT) and claimed to have stolen terabytes of data.
Homeland Justice has been tracking Albania since mid-July 2022, and the threat actor was recently observed distributing wiper malware codenamed No-Justice.
