US Sanctions Iran Over APT Cyberattack Activity

Published: 23/11/2024   Category: security




The Treasury Department links the MuddyWater APT and APT39 to Iran's intelligence apparatus, which is now blocked from doing business with US entities.



The feds have moved to sanction the Iranian government for its cybercrime activities, which they allege have been carried out in systematic fashion against US targets via a range of advanced persistent threat (APT) groups.
The US Department of the Treasury's Office of Foreign Assets Control (OFAC) is specifically designating Iran's Ministry of Intelligence and Security (MOIS) for engaging in cyber-enabled activities against the United States and its allies since at least 2007.
The sanctions mean that US citizens and visitors to the US are prohibited from doing business or carrying out any transactions involving funds, goods, or services with the designated entities or their proxies.
The Treasury Department cited a recent cyberattack in July that disrupted the Albanian government as emblematic of Iran's tactics; that incident resulted in the leaking of documents purported to be from the Albanian government and personal information associated with Albanian residents.
"Iran's cyberattack against Albania disregards norms of responsible peacetime State behavior in cyberspace, which includes a norm on refraining from damaging critical infrastructure that provides services to the public," Brian Nelson, undersecretary of the treasury for terrorism and financial intelligence, said in a statement on Friday. "We will not tolerate Iran's increasingly aggressive cyber-activities targeting the United States or our allies and partners."
John Hultquist, vice president at Mandiant Intelligence, notes that Iran has a history of targeting the MeK, the group at the center of the Albanian incident. "These actors have also been involved in ransomware incidents that may have been ultimately designed for disruptive purposes rather than financial gain," he says. "Those operations were a template for the Albania attack."
The sanctions also extend to Minister of Intelligence Esmail Khatib, who the Treasury Department said is responsible for directing APT groups from within MOIS. The Friday announcement specifically mentions his weapons as including the MuddyWater APT (aka OilRig or APT34, specializing in espionage on rival governments) and APT39 (aka Chafer, which the US says supports Iran's human rights abuses).
"MOIS carries out cyber-espionage and disruptive ransomware attacks on behalf of the Iranian government in parallel with the other Iranian security service, the IRGC," says Hultquist, who notes that Mandiant has previously linked both APTs to Tehran. "They are largely focused on classic espionage targets such as governments and dissidents, and they have been found targeting upstream sources of intelligence like telecommunications firms and companies with potentially valuable personally identifiable information (PII)."
