Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

US offers a $10 million reward for information on four Iranian nationals

The Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their role in cyberattacks against the U.S.. The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) imposed sanctions on four Iranian nationals for their involvement in cyberattacks against the U.S. government, defense contractors, and private companies. OFAC has also sanctioned […]

LA Metro MuddyWater Iran Iran-linked actors

The Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their role in cyberattacks against the U.S..

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) imposed sanctions on four Iranian nationals for their involvement in cyberattacks against the U.S. government, defense contractors, and private companies. OFAC has also sanctioned two front companies, Mehrsam Andisheh Saz Nik (MASN) and Dadeh Afzar Arman (DAA) linked to the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC).

The Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC) is an organization within the Iranian government responsible for cybersecurity and cyber warfare. It is considered a major threat by many countries, including the United States, due to its involvement in various malicious cyber activities.

The Iranian nationals were involved in attacks against more than a dozen U.S. companies and government entities. The individuals launched spear-phishing and malware attacks. The U.S. Department of Justice and the Federal Bureau of Investigation unsealed an indictment against the four individuals for their roles in these cyber operations.

“Iranian malicious cyber actors continue to target U.S. companies and government entities in a coordinated, multi-pronged campaign intended to destabilize our critical infrastructure and cause harm to our citizens,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson. “The United States will continue to leverage our whole-of-government approach to expose and disrupt these networks’ operations.”

Iranian cyber actors persist in targeting the United States through various malicious cyber activities, including ransomware attacks on critical infrastructure and spear phishing campaigns against individuals, companies, and government entities.

The four Iranian nationals are Hossein Harooni, Reza Kazemifar, Komeil Baradaran Salmani, and Alireza Shafie Nasab — are accused of participating in a malware operation using spear-phishing and other hacking techniques to harvest hundreds of thousands of corporate employee accounts.

Alireza Shafie Nasab and Reza Kazemifar Rahman targeted the U.S. entities while employed by MASN. Kazemifar was involved in the attacks against the Department of the Treasury. Hosein Mohammad Harooni targeted the Treasury Department and other U.S. entities using spear phishing and social engineering. Komeil Baradaran Salmani operated with several IRGC-CEC front companies and was involved in spear-phishing campaigns targeting various U.S. entities, including the Department of the Treasury.

“As a result of today’s action, all property and interests in property of the designated persons described above that are in the United States or in the possession or control of U.S. persons are blocked and must be reported to OFAC. In addition, any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked. Unless authorized by a general or specific license issued by OFAC, or exempt, OFAC’s regulations generally prohibit all transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of designated or otherwise blocked persons.” reads the announcement. “In addition, financial institutions and other persons that engage in certain transactions or activities with the sanctioned entities and individuals may expose themselves to sanctions or be subject to an enforcement action.”

The four men are still at large.

The Department of State also announced a $10 million reward for information leading to the arrest of the four Iranian nationals.

In February, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) imposed sanctions on six Iranian government officials associated with cyberattacks targeting critical infrastructure organizations in the US and abroad.

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, Iran)