The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has taken action against six officials linked to the Iranian intelligence agency for their role in attacking critical infrastructure entities in the U.S. and other countries. The sanctioned individuals are Hamid Reza Lashgarian, Mahdi Lashgarian, Hamid Homayunfal, Milad Mansuri, Mohammad Bagher Shirinkar, and Reza Mohammad Amin Saberian, all of whom are associated with the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC).
Notably, Reza Lashgarian serves as the head of the IRGC-CEC and holds a position as a commander in the IRGC-Qods Force. It is alleged that he has been involved in various cyber and intelligence operations carried out by the IRGC.
The Treasury Department has accused these individuals of engaging in “cyber operations in which they hacked and posted images on the screens of programmable logic controllers manufactured by Unitronics, an Israeli company.” This follows a revelation by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in late November 2023, which disclosed that the Municipal Water Authority of Aliquippa in western Pennsylvania was targeted by Iranian threat actors exploiting Unitronics PLCs. These attacks were attributed to a group identified as “Cyber Av3ngers,” which has been active since 2020 and has been linked to several cyber attacks targeting critical infrastructure and other entities in Israel, the U.S., and Europe.
The Treasury Department has emphasized the sensitivity of industrial control devices such as programmable logic controllers, particularly when used in water and other critical infrastructure systems. Although the attack on the Municipal Water Authority of Aliquippa did not result in any disruptions to critical services, unauthorized access to such infrastructure systems can have significant consequences, potentially harming the public and causing humanitarian crises.
In a separate incident, a pro-Iranian group known as Homeland Justice claimed to have launched an attack on Albania’s Institute of Statistics (INSTAT), alleging that terabytes of data had been stolen. This group has been targeting Albania since mid-2022 and has recently been observed using a destructive wiper malware dubbed “No-Justice.”
These developments underscore the persistent and evolving threat posed by Iranian threat actors to critical infrastructure and other entities, both domestically and internationally.
The actions taken by OFAC serve as a warning to foreign entities engaging in malicious cyber activities that the U.S. government will not hesitate to hold them accountable for their actions. As the global cybersecurity landscape continues to face emerging challenges, cooperation among international partners and the sharing of threat intelligence remain crucial in mitigating and responding to cyber attacks.