September 18, 2020

OFAC designates 45 individuals and two cyber companies for running a malware campaign on behalf of the Government of Iran

On September 17, 2020, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) designated 45 cyber actors, an Iranian cyber threat group, Advanced Persistent Threat 39 (APT39), and the Rana Intelligence Computing Company, a front company controlled by the Government of Iran, for their efforts to facilitate a targeted malware campaign against Iranian dissidents, journalists and the international travel sector. Iran’s Ministry of Intelligence and Security (MOIS) also used Rana to conduct computer intrusions and malware campaigns against foreign governments, and individuals and entities from over 30 different countries across Asia, Africa, Europe, and North America, including 15 US companies primarily in the travel sector.

The designations of the 45 individuals, APT39 and Rana were all made pursuant to Executive Order 13553, for being owned or controlled by MOIS, a group previously designated in 2012 pursuant to E.O. 13224, 13553, and 13572, executive orders that target terrorists and other groups responsible for human rights abuses in Iran and Syria. The 45 individuals were sanctioned for providing material support to MOIS while employed by Rana as managers, programmers, and hacking experts.

Concurrent with the OFAC action, the US Federal Bureau of Investigation released a public intelligence alert detailing information about eight separate and distinct sets of malware, including the malware code used by APT39 and Rana, in an effort to hinder MOIS's ability to continue its intrusive campaign.

As a result of these designations, all US property belonging to these individuals and entities is blocked, and all transactions and dealings with them are generally prohibited. In addition, any entity in the US that is owned fifty percent or more by a sanctioned person or entity is also blocked.

Department of the Treasury Press Release