On September 14, 2022, the Department of the Treasury’s Office of Foreign Assets Control designated 10 individuals and 2 entities affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC) as part of a series of designations aimed at protecting US persons from ransomware activity and other cybercrime. The designations were made by OFAC as part of a joint action with the Department of Justice, Department of State, Federal Bureau of Investigation, US Cyber Command, National Security Agency, and Cybersecurity and Infrastructure Security Agency (CISA). OFAC imposed the designations pursuant to Executive Order 13694, as amended, for supporting or providing goods and services that support a cyber-enabled activity.
OFAC reports that critical services and businesses around the world – including schools, government offices, hospitals and emergency services, transportation, energy and food companies – have experienced ransomware incidents, with more than $590 million in ransomware payments reported by US persons in 2021 alone. The government estimates that the reported payments represent just a faction of the economic harm caused by these malicious cyber actors. According to OFAC, at least a portion of the malicious cyber activity that has occurred since 2020 can be attributed to several named intrusion sets such as “APT 35,” “Charming Kitten,” “Nemesis Kitten,” “Phosphorus,” and “Tunnel Vision,” and several cybersecurity firms have connected these intrusion sets with the Government of Iran and, in particular, with acts involving ransomware and cyber-espionage. The designees are all part of a group that has launched extensive campaigns in 2021 targeting businesses and officials around the world, including a New Jersey municipality and a US-based children’s hospital. The 10 designated individuals are the employees and associates of 2 IRGC-affiliated entities, Najee Technology Hooshmand Fater LLC and Afkar System Vazd Company, both of which were designated by OFAC.
The State Department’s Rewards for Justice (RFJ) program is offering a reward of up to $10 million for information leading to identification or location of some of the new designees or any other person who participates in malicious cyber activities against the United States while acting under the direction or control of a foreign government. In addition, a joint Cybersecurity Advisory was recently issued by the CISA in an effort to provide the public with additional information regarding continued malicious cyber acts committed by IRGC affiliates.
As a result of these designations, all property and interests in property of this designee within the United States or within the possession or control of a U.S. person are blocked, and U.S. persons are generally prohibited from engaging in transactions involving the designated person. In addition, entities owned 50 percent or more by one or more blocked persons are also blocked.