Tuesday , September 10 2024
US

U.S. Sanctions 6 Iranian Officials for Cyber Attacks

On Feb. 2, 2024, the United States imposed sanctions on six Iranian officials for cyber-attacks in the US and other countries. The sanctions were in response to the Jan. 28, 2024, attack on a US outpost in northeast Jordan near the border with Syria and Iraq, where three American soldiers were killed and 47 were injured.

The Treasury Department accused the head of the Cyber-Electronic Command of the Islamic Revolutionary Guard Corps and five other senior officials. Brian Nelson, the Under Secretary of the Treasury for Terrorism and Financial Intelligence, condemned the intentional targeting of critical infrastructure by Iranian cyber actors. The Treasury and State Departments released statements regarding this issue.

Hacker to exploite GeoServer Vulnerability to Deploy Malware

Researchers at Fortinet unveiled hackers to exploit GeoServer RCE vulnerability deploying malware relating to the vulnerability tracked as “CVE-2024-36401, has...
Read More
Hacker to exploite GeoServer Vulnerability to Deploy Malware

IMB unveils multiple vulnerabilities in it’s webMethods Integration

Multiple vulnerabilities have been published by IBM in its webMethods Integration Server which cloud allow attackers to execute arbitrary commands...
Read More
IMB unveils multiple vulnerabilities in it’s webMethods Integration

Progress LoadMaster exposed to a critical 10/10 vulnerability

Progress Software released an emergency fix for a critical vulnerability (10/10) in its Loadmaster and LoadMaster Multi-Tenant Hypervisor products, which...
Read More
Progress LoadMaster exposed to a critical 10/10 vulnerability

Cisco released security updates for two critical security flaws

CISCO released security updates for two critical security flaws impacting its smart Licensing Utility that could allow unauthenticated, remote attackers...
Read More
Cisco released security updates for two critical security flaws

OpenBAS: Cutting-edge breach and attack simulation platform

OpenBAS is a platform that helps organizations to plan, schedule, and conduct crisis exercises, adversary simulations, and breach simulations. OpenBAS...
Read More
OpenBAS: Cutting-edge breach and attack simulation platform

Critical Security Flaws Patched in Zyxel Networking Devices

Zyxel has released software updates to fix a serious security issue in certain access point (AP) and security router versions....
Read More
Critical Security Flaws Patched in Zyxel Networking Devices

CVE-2024-38811: CEV In VMware Fusion Unveiled

VMware released a security advisory for a major vulnerability in the VMware Fusion product. This vulnerability could be exploited by...
Read More
CVE-2024-38811: CEV In VMware Fusion Unveiled

CERT-IN Warns Vulnerabilities in Palo Alto Networks applications

Indian Computer Emergency Response Team (CERT-IN) issued advisories about multiple vulnerabilities in various Palo Alto Networks applications. Attackers could exploit...
Read More
CERT-IN Warns Vulnerabilities in Palo Alto Networks applications

How Malaysia’s Data Centre Industry Poised for Growth

Malaysia is quickly becoming a leading choice for investing in data centers. It aims to generate RM3.6 billion (US$781 million)...
Read More
How Malaysia’s Data Centre Industry Poised for Growth

RansomHub exfiltrated data over 210 victims: US alert

US authorities have issued a cybersecurity advisory about a ransomware group called RansomHub. The group is thought to have stolen data...
Read More
RansomHub exfiltrated data over 210 victims: US alert

Treasury Department Press Release:

Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned six officials in the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC), an Iranian government organization responsible for a series of malicious cyber activities against critical infrastructure in the United States and other countries.

“The deliberate targeting of critical infrastructure by Iranian cyber actors is an unconscionable and dangerous act,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson. “The United States will not tolerate such actions and will use the full range of our tools and authorities to hold the perpetrators to account.”

The United States is taking action against these individuals in response to IRGC-affiliated cyber actors’ recent cyber operations in which they hacked and posted images on the screens of programmable logic controllers manufactured by Unitronics, an Israeli company. Industrial control devices, such as programmable logic controllers, used in water and other critical infrastructure systems, are sensitive targets. Although this particular operation did not disrupt any critical services, unauthorized access to critical infrastructure systems can enable actions that harm the public and cause devastating humanitarian consequences.

In this case, the United States, in coordination with the private sector and other affected countries, quickly remediated the incidents with minimal impacts. The United States nevertheless is deeply concerned about the targeting of these systems and cautions that cyber operations that intentionally damage or otherwise impair the use and operation of critical infrastructure to provide services to the public are destabilizing and potentially escalatory.

Iranian cyber actors previously committed and attempted malicious cyber activities against U.S. critical infrastructure, including ransomware attacks and an attempted operation against Boston Children’s Hospital in 2021. They are also responsible for similar malicious cyber activity targeting European countries and Israel.

Today’s action is being taken pursuant to the counterterrorism authority Executive Order (E.O.) 13224, as amended. OFAC designated the IRGC-CEC, also known as the IRGC Electronic Warfare and Cyber Defense Organization, pursuant to E.O. 13606 on January 12, 2018, for being owned or controlled by, or acting for or on behalf of, the IRGC, which itself was designated pursuant to E.O. 13224 on October 13, 2017. Today, OFAC is updating the SDN List to identify the IRGC-CEC as the group’s primary name.

DESIGNATION OF IRGC-CEC SENIOR OFFICIALS:

Hamid Reza Lashgarian is the head of the IRGC-CEC, and is also a commander in the IRGC-Qods Force. Hamid Reza Lashgarian has been involved in various IRGC cyber and intelligence operations.

Mahdi Lashgarian, Hamid Homayunfal, Milad Mansuri, Mohammad Bagher Shirinkar, and Reza Mohammad Amin Saberian are senior officials of the IRGC-CEC.

Hamid Reza Lashgarian, Mahdi Lashgarian, Hamid Homayunfal, Milad Mansuri, Mohammad Bagher Shirinkar, and Reza Mohammad Amin Saberian are designated pursuant to E.O. 13224, as amended, for being leaders or officials of the IRGC-CEC.

SANCTIONS IMPLICATIONS:

As a result of today’s action, all property and interests in property of the designated persons described above that are in the United States or in the possession or control of U.S. persons are blocked and must be reported to OFAC. In addition, any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked. Unless authorized by a general or specific license issued by OFAC, or exempt, OFAC’s regulations generally prohibit all transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of designated or otherwise blocked persons.

In addition, financial institutions and other persons that engage in certain transactions or activities with the sanctioned entities and individuals may expose themselves to sanctions or be subject to an enforcement action. The prohibitions include the making of any contribution or provision of funds, goods, or services by, to, or for the benefit of any designated person, or the receipt of any contribution or provision of funds, goods, or services from any such person.

The power and integrity of OFAC sanctions derive not only from OFAC’s ability to designate and add persons to the SDN List, but also from its willingness to remove persons from the SDN List consistent with the law. The ultimate goal of sanctions is not to punish, but to bring about a positive change in behavior. For information concerning the process for seeking removal from an OFAC list, including the SDN List, please refer to OFAC’s Frequently Asked Question 897 here. For detailed information on the process to submit a request for removal from an OFAC sanctions list, please click here.

Statement by State Department Spokesperson Matthew Miller:

The United States is today designating the head of Iran’s Islamic Revolutionary Guard Corps Cyber–Electronic Command (IRGC-CEC), an organization that has been responsible for a series of cyberattacks on critical infrastructure in the United States and other countries, and five of its senior officials.
The United States is taking action against these individuals to respond to these harmful activities and IRGC-affiliated cyber actors’ recent cyber operations targeting programmable logic controllers (PLCs), in which actors used default credentials to display an anti-Israel message on the PLCs’ human-machine interface. Industrial control devices, such as PLCs, used in water and other critical infrastructure systems, are sensitive targets. Although this particular operation fortunately did not disrupt any critical services, unauthorized access to critical infrastructure systems poses an elevated risk of harm to the public and can result in devastating humanitarian consequences.

Cyber operations that intentionally damage or impair the operation of critical infrastructure are destabilizing and potentially escalatory. Today’s action sends a clear message that such actions will not be tolerated.

Check Also

Ransomhub

RansomHub exfiltrated data over 210 victims: US alert

US authorities have issued a cybersecurity advisory about a ransomware group called RansomHub. The group is …

Leave a Reply

Your email address will not be published. Required fields are marked *