The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) said last week that it is imposing sanctions on the cybercriminal group APT39.
According to OFAC, these cybercriminals are affiliated with the Iranian government, a shell company and 45 individuals. In its recent statement, it said: "Hidden behind its shell company, Rana Intelligence Computing Company (Rana), the Iranian government (GOI) ran a years-long malware campaign targeting Iranian dissidents, journalists and international travel companies.
In parallel with OFAC's action, the U.S. Federal Bureau of Investigation (FBI) has released detailed information on APT39 in a public intelligence alert." The U.S. administration later added, "The Iranian regime is using its intelligence department as a tool to target innocent civilians and businesses and advance its destabilizing program around the world," said Treasury Secretary Steven T. Mnuchin. "The United States is committed to countering offensive cyber campaigns designed to compromise security and inflict damage on the international travel industry."
The decision was welcomed by many figures in the U.S. political class, notably U.S. Secretary of State Mike Pompeo. He recently welcomed the Office of Foreign Assets Control's initiative: "Today, the United States sanctioned 47 Iranian individuals and entities involved in the Iranian regime's global cyber threat network. We will continue to denounce Iran's harmful behavior and we will never back down from protecting our homeland and our allies from Iranian pirates."
In this case, the U.S. Treasury said in its statement: "Rana advances Iran's national security objectives and the strategic objectives of the Iranian Ministry of Intelligence and Security (MOIS) by conducting computer intrusion and malware campaigns against alleged adversaries, including foreign governments and others whom the MOIS considers a threat. APT39 is being designated in accordance with E.O. 13553 for being owned or controlled by the MOIS, which had previously been designated on 16 February 2012 under Decrees 13224, 13553 and 13572, which respectively target terrorists and those responsible for human rights violations in Iran and Syria." "The 45 designated individuals held various positions while employed at Rana, including managers, programmers and computer hacking experts. These individuals supported the MOIS cyber intrusions targeting the networks of international companies, institutions, air carriers and other targets that the MOIS considered a threat," the U.S. Treasury added.
The administration noted that intervention by the FBI, the U.S. federal police, was necessary to counter the ambitions of this group of cybercriminals. Christopher Wray, Director of the Federal Bureau of Investigation (FBI), said: "The FBI, through our Cyber Division, is committed to investigating and interrupting malicious cyber campaigns, and working with our U.S. government partners to impose risks and consequences on our cyber adversaries.
Today, the FBI is releasing compromise indicators attributed to the Iranian MOIS to help computer security professionals everywhere protect their networks from the malicious actions of this nation-state." He also stressed: "The Iranian MOIS, through its screen company Rana, has recruited highly skilled people and turned their cyber talents into tools to exploit, harass and repress their fellow citizens and others considered a threat to the regime. We are proud to join our Treasury Department partners in denouncing these actions. The sanctions announced today hold these 45 people responsible for stealing data not only from dozens of networks here in the United States, but also on networks in Iran's neighbors and around the world."
According to the U.S. Treasury Department, the group of cybercriminals is camouflaged behind the company called Rana. The Treasury says the group has used several cyber intrusion tools in recent months to target and monitor Iranian citizens living on U.S. soil, particularly journalists or dissidents. In view of the proven acts of cyber malice, the U.S. administration is imposing sanctions on the property held by the group. The statement read: "All property and interests in the property of the above individuals and corporations, and of any entity owned, directly or indirectly, 50% or more, individually or with other blocked persons, who are in the United States or who are in possession or control of American persons, are blocked and must be reported to OFAC. Unless authorized by a general or specific license issued by OFAC or otherwise exempted, OFAC regulations generally prohibit all transactions by U.S. persons or within (or transiting) the United States that involve property or interest in the property of designated or otherwise blocked persons. Prohibitions include the contribution or provision of funds, goods or services by, to or for the benefit of a blocked person or receipt of any contribution or provision of funds, goods or services from such a person."