The United States on Wednesday (15 September) imposed more sanctions on Iranian individuals and entities, the second raft in a week, due to authorities’ involvement in a number of malicious cyberattacks on Washington and its allies.
In a statement published on Wednesday, the US Department of the Treasury levied sanctions on ten individuals and two entities for involvement in the attacks, which include the use of ransomware. The designated entities are all affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC).
“Ransomware actors and other cybercriminals, regardless of their national origin or base of operations, have targeted businesses and critical infrastructure across the board—directly threatening the physical security and economy of the United States and other nations,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson.
“We will continue to take coordinated action with our global partners to combat and deter ransomware threats, including those associated with the IRGC.”
The US government states that ransomware payments in the US totalled $590 million in 2021 and are rising year on year. It accuses the perpetrators of seeking to harm the US, its citizens, and the country’s allies.
The IRGC is believed to have been working with a group of Iran-based malicious cyber actors who have been attacking the US and allied nations since 2020, exploiting software vulnerabilities and engaging in unauthorised computer access, data exfiltration, ransom requests, and other malicious activities.
Several cybersecurity firms have identified these intrusion sets as being associated with the Government of Iran, the Treasury statement says.
Albanian woes
One such company is Microsoft, which last week published a statement regarding a cyberattack on Albania, which it helped thwart.
The tech company wrote, “Microsoft assessed with high confidence that on 15 July, 2022, actors sponsored by the Iranian government conducted a destructive cyberattack against the Albanian government, disrupting government websites and public services. At the same time, and in addition to the destructive cyberattack, MSTIC assesses that a separate Iranian state-sponsored actor leaked sensitive information that had been exfiltrated months earlier.”
During this attack, all government websites and citizen portals went offline, and Microsoft, the FBI and private security companies were drafted in to fix the problem, which took several days of intensive work to complete.
On 7 September Prime Minister Edi Rama announced the severance of diplomatic ties with Iran. All diplomats in the country had 24 hours to return to Tehran and police and anti-bomb squads descended on the embassy.
Then, on 10 September, a second attack brought all border management systems offline at airports, ports, and land borders. While many were back up and running in a few hours, some remained offline for several days.
Shortly after the first attack, a site called ‘Homeland Justice’ appeared, promising to publish rafts of government documents, including emails and confidential information. Last week, it put up for sale tranches of sensitive data, including that of all citizens registered with the e-Albania portal, as well as data from other government institutions.
It is not known if the data has been sold to anyone, and if so, to whom.
Rama had a telephone call with US Secretary of State Antony Blinken on Tuesday, in which the latter emphasised the importance of cooperation between the US and Albania and with NATO.
“Secretary Blinken condemned the irresponsible cyber-attack of September 9, which follows Iran’s cyber-attack on Albania on July 15. The secretary emphasized the importance of the US-Albania cooperation, as an ally in NATO, for regional security”, wrote the US embassy on Facebook.
A subsequent call with NATO head Jens Stoltenberg brought further confirmations of support for the country, which is home to one NATO airbase and potentially a new NATO naval base.
Rama told Exit that “the attack was a massive assault to wipe out completely our digital infrastructure together with all related data. It didn’t succeed and damages were far less than one would fear after such a blow.”
In terms of ongoing risks he said the government anticipates other attacks and is “accelerating all our plans to build a state of the art cyber defence in close cooperation with our allies.”
As for other threats to the country, the prime minister said he is not concerned.
“As we speak we do not see wider risks and we are satisfied with the level of solidarity from US, NATO and EU, which seems to go much more beyond the kind words of circumstances.”
Meanwhile in the US, the Treasury said the cybercriminals attacked a New Jersey municipality, banks, law firms, hospitals and health care facilities, schools, and transportation providers.
The sanctioned companies include Najee Technology and Afkar System, along with their owners and key employees. Under the sanctions, all property and interests that are in the US or in the control of US persons are blocked. All transactions by US individuals are also blocked.
These developments take place as the momentum for the EU-mediated new nuclear deal, which seemed to be there earlier this month, fades. Germany, France and Britain on Saturday raised “serious doubts” in a tripartite statement about Iran’s sincerity in restoring the accord.
The European nations charged that Tehran “has chosen not to seize this critical diplomatic opportunity”, adding that “instead, Iran continues to escalate its nuclear programme way beyond any plausible civilian justification”.
Iran’s foreign ministry, which also denies the cyber attacks on Albania, criticised those comments as “unconstructive”, AFP reported.
Meanwhile, Israeli Prime Minister Yair Lapid arrived in Germany on Sunday to persuade Western powers to ditch the tattered deal altogether.