Critical Infrastructure Security

US Sanctions Iranian Cyber Heads for Attacks on Israeli Tech

Sanctions Follow Iranian Cyberattacks Targeting US Critical Infrastructure Sectors
US Sanctions Iranian Cyber Heads for Attacks on Israeli Tech
The Azadi Tower in Tehran as it appeared on Jan. 6, 2010 (Image: Shutterstock)

The United States sanctioned senior leaders of the Iranian government cyber unit responsible for carrying out a series of malicious cyber campaigns against American critical infrastructure sectors.

See Also: Dynatrace named a Leader in the 2023 Gartner® Magic Quadrant™ for APM and Observability

The Department of Treasury added Iranian Islamic Revolutionary Guards Corps Cyber-Electronic Command head Hamid Reza Lashgarian to a blacklist of those outlawed from conducting transactions with U.S. persons.

Also newly on the list are senior Cyber-Electronic Command leaders Mahdi Lashgarian, Hamid Homayunfal, Milad Mansuri, Mohammad Bagher Shirinkar and Reza Mohammad Amin Saberian.

The IRGC-CEC was behind a series of attacks targeting organizations that use systems and software developed by Unitronics, an Israeli company that develops programmable logic controllers used in water and other critical infrastructure systems.

A small municipal water authority in Pennsylvania that uses Unitronics devices fell victim to an Iranian cyberattack in November during the Thanksgiving holiday that shut down a supply pump providing drinking water to thousands of residents across multiple municipalities (see: US CISA: Secure Israeli-Made Technology From Iranian Hackers).

The Treasury Department said the six senior Iranian officials have been involved in various IRGC cyber and intelligence operations, including notable ransomware attacks such as an attempted operation against Boston Children's Hospital in 2021. The Treasury said the sanctions were placed in response to the recent Unitronics-related hackings and in statement said that "unauthorized access to critical infrastructure systems can enable actions that harm the public and cause devastating humanitarian consequences."

"The deliberate targeting of critical infrastructure by Iranian cyber actors is an unconscionable and dangerous act," Brian Nelson, undersecretary of the Treasury for terrorism and financial intelligence, said, adding that the United States "will use the full range of our tools and authorities to hold the perpetrators to account."

The sanctions restrict the six Iranian officials from possessing any property or investments in the U.S. They are also sanctioned from conducting any transactions with U.S. citizens or businesses.

Similar incidents are likely to occur amid the evolving situation in the Middle East, according to John Hultquist, chief analyst of the security firm Mandiant. U.S. involvement in the Israel-Hamas war has continued to stir controversy, leading to cyberattacks on domestic critical infrastructure as well as a deadly attack on a U.S. base in Jordan near the border with Syria and Iraq in which three service members were killed.

"The ultimate purpose of these hacks is to scare us and attack our trust in our own basic safety," Hultquist said in a statement, adding that the water sector "has been under enormous pressure lately from Russian, Iranian, and Chinese cyber actors who recognize it as a vulnerable critical infrastructure."

The Biden administration attempted to make cybersecurity a component of federally mandated safety assessments of water systems but backed down in October after encountering judicial opposition (see: US EPA Nixes Cybersecurity Assessments of Water Systems).

"We have to take the threats to water seriously, but we can't forget that the adversary's primary goal is psychological," Hultquist said.


About the Author

Chris Riotta

Chris Riotta

Managing Editor, GovInfoSecurity

Riotta is a journalist based in Washington, D.C. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president. His reporting has appeared in NBC News, Nextgov/FCW, Newsweek Magazine, The Independent and more.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing ransomware.databreachtoday.com, you agree to our use of cookies.