The recent Iranian cyberattacks targeting American critical infrastructure sectors have led to the United States imposing sanctions on senior leaders of the Iranian government cyber unit responsible for the malicious campaigns. The Department of Treasury added Iranian Islamic Revolutionary Guards Corps Cyber-Electronic Command head Hamid Reza Lashgarian to a blacklist, prohibiting transactions with U.S. persons. Other senior Cyber-Electronic Command leaders – Mahdi Lashgarian, Hamid Homayunfal, Milad Mansuri, Mohammad Bagher Shirinkar, and Reza Mohammad Amin Saberian – were also added to the list.

The IRGC-CEC was behind a series of attacks targeting organizations that use systems and software developed by Unitronics, an Israeli company specializing in programmable logic controllers used in water and other critical infrastructure systems. One of the attacks affected a small municipal water authority in Pennsylvania, which fell victim to an Iranian cyberattack, disrupting the water supply pump during the Thanksgiving holiday.

The Treasury Department stated that the six senior Iranian officials have been involved in various IRGC cyber and intelligence operations, including notable ransomware attacks such as an attempted operation against Boston Children’s Hospital in 2021. The sanctions were placed in response to the recent Unitronics-related hackings, with the Treasury emphasizing that unauthorized access to critical infrastructure systems can result in actions that harm the public and cause devastating humanitarian consequences.

Brian Nelson, undersecretary of the Treasury for terrorism and financial intelligence, condemned the deliberate targeting of critical infrastructure by Iranian cyber actors, affirming that the United States will use the full range of tools and authorities to hold the perpetrators accountable. As a result of the sanctions, the six Iranian officials are restricted from possessing any property or investments in the U.S. and are prohibited from conducting transactions with U.S. citizens or businesses.

John Hultquist, chief analyst of the security firm Mandiant, noted that similar incidents are likely to occur amid the evolving situation in the Middle East. U.S. involvement in the Israel-Hamas war has stirred controversy, leading to cyberattacks on domestic critical infrastructure and a deadly attack on a U.S. base in Jordan. Hultquist emphasized that the water sector has been under enormous pressure lately from Russian, Iranian, and Chinese cyber actors who recognize it as a vulnerable critical infrastructure.

The Biden administration previously attempted to make cybersecurity a component of federally mandated safety assessments of water systems but faced judicial opposition and backed down in October. Hultquist emphasized the need to take the threats to water seriously, while also acknowledging that the adversary’s primary goal is psychological.

Given the increasing threats to critical infrastructure, it is crucial for the United States to prioritize cybersecurity measures and implement strategies to defend against cyberattacks targeting water and other essential systems. The sanctions against Iranian cyber actors send a strong message regarding the consequences of targeting U.S. critical infrastructure, but ongoing vigilance and proactive measures are essential in safeguarding against future attacks.

Source link