The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has imposed sanctions on six individuals affiliated with the Iranian intelligence agency for cyberattacks attributed to them against critical infrastructure in the United States and globally. This action underscores rising concerns about the cyber threats posed by state-sponsored actors.
The individuals sanctioned include Hamid Reza Lashgarian, Mahdi Lashgarian, Hamid Homayunfal, Milad Mansuri, Mohammad Bagher Shirinkar, and Reza Mohammad Amin Saberian. These officials are connected to the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC). Of particular note is Reza Lashgarian, who serves as the head of the IRGC-CEC and is a commander in the IRGC-Qods Force, with allegations linking him to various cyber and intelligence operations orchestrated by the IRGC.
The Treasury Department has held these individuals responsible for executing “cyber operations in which they hacked and posted images on the screens of programmable logic controllers manufactured by Unitronics, an Israeli firm.” Such actions highlight the growing sophistication of cyber tactics employed against infrastructure systems, emphasizing the vulnerability of industrial control systems.
In late November 2023, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) reported that the Municipal Water Authority of Aliquippa in western Pennsylvania was targeted by Iranian threat actors exploiting vulnerabilities in Unitronics PLCs. This incident has drawn connections to a pro-Iranian hacker group known as Cyber Av3ngers, which has gained notoriety for targeting entities in Israel and the U.S. following the Israel-Hamas conflict. This group has been active since 2020 and was previously linked to attacks against Boston Children’s Hospital in 2021 and various targets across Europe.
The Treasury Department notes that industrial control devices, such as programmable logic controllers within critical infrastructure, represent sensitive targets. Although this particular operation did not result in the disruption of essential services, unauthorized access to these systems poses risks that could potentially lead to significant public safety threats and humanitarian crises.
In parallel, another pro-Iranian group named Homeland Justice recently announced an attack on Albania’s Institute of Statistics (INSTAT), claiming to have compromised terabytes of data. This group has been actively targeting Albania since mid-July 2022 and was observed deploying wiper malware codenamed No-Justice in its operations.
The tactics employed in these attacks can be mapped to MITRE ATT&CK techniques, including initial access through exploitation of vulnerabilities, persistence via malware installation, and privilege escalation to obtain higher levels of access within targeted systems. The framework helps describe the techniques threat actors use to penetrate and compromise critical systems, which makes it a useful reference for organizations seeking to strengthen their security posture.
As these incidents highlight, the vulnerabilities within critical infrastructure are significant, necessitating proactive measures and vigilance among business owners and cybersecurity professionals. The increasing frequency of such cyber incidents demands sustained attention and preparedness to mitigate the risks associated with state-sponsored cyber threats.