September 17, 2020
The United States has imposed sanctions on two Iranian entities and 45 associated individuals who carried out a malware campaign targeting Iranian dissidents, journalists and international travel companies, the U.S. Treasury Department said on Thursday.
The department named one of the entities as Iranian cyber threat group Advanced Persistent Threat 39 and the other as a front company called Rana Intelligence Computing Company (Rana), saying both are owned or controlled by Iran’s Ministry of Intelligence and Security (MOIS).
“The Iranian regime uses its Intelligence Ministry as a tool to target innocent civilians and companies, and advance its destabilizing agenda around the world,” Treasury Secretary Steven Mnuchin said in a statement. “The United States is determined to counter offensive cyber campaigns designed to jeopardize security and inflict damage on the international travel sector.”
The Treasury said the 45 individuals were employed at Rana, serving as managers, programmers and hacking experts, and supported cyber intrusions targeting the networks of international businesses, institutions, air carriers, and other targets that the MOIS considered a threat.
The Treasury Department said that an FBI advisory, also being released on Thursday, detailed eight separate and distinct sets of malware used by MOIS through Rana to conduct their computer intrusion activities.
It said this is the first time most of these technical indicators have been publicly discussed and attributed to MOIS by the U.S. government. By making the code public, the FBI seeks to hinder MOIS’s ability to continue their campaign, ending the victimization of thousands of individuals and organizations, the Treasury Department added in its statement.