Threat Intelligence

08:50 AM

7 Indicted Iranian Nationals Now Hit with Sanctions by US Treasury

US Dept. of Treasury has announced sanctions against Iranian nationals and security firms for 'malicious cyber-activity' against US interests.

Seven alleged Iranian hackers from security companies working on behalf of that nation's government that were indicted by the US Department of Justice in early 2016 now have been slapped with new sanctions by the US Department of Treasury.

Treasury's Office of Foreign Assets Control (OFAC) has sanctioned a total of 11 Iranian entities and individuals for alleged support of malicious cyber activity as well as two Iran-based networks behind the massive distributed denial-of-service attacks that hit US financial institutions in 2012. 

Ahmad Fathi, 37; Hamid Firoozi, 34; Amin Shokohi, 25; Sadegh Ahmadzadegan, aka Nitr0jen26, 23; Omid Ghaffarinia, aka PLuS, 25; Sina Keissar, 25; and Nader Saedi, aka Turk Server, 26; allegedly launched DDoS attacks against 46 organizations - mainly US financial institutions - from late 2011 to mid-2013, and were indicted by the DoJ last year. Firoozi was also charged with hacking into a server at a New York dam between August and September 2013. The seven Iranians were employed by ITSecTeam (ITSEC) and Mersad Company (MERSAD), both of which were working for the Iranian government and the Islamic Revolutionary Guard.

According to the Treasury Department's announcement, the new sanctions mean that "all property and interests in property of those designated subject to U.S. jurisdiction are blocked, and U.S. persons are generally prohibited from engaging in transactions with them."
Any foreign financial institutions that conduct or facilitate transactions for the sanctioned individuals or entities - as well as individuals who support them materially - also face possible sanctions, the Treasury said. The sanctions also included organizations allegedly supporting terrorist activities.
Read the Treasury Dept. sanctions announcement here.


Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
The Case for Integrating Physical Security & Cybersecurity
Paul Kurtz, CEO & Cofounder, TruSTAR Technology,  3/20/2018
A Look at Cybercrime's Banal Nature
Curtis Franklin Jr., Senior Editor at Dark Reading,  3/20/2018
City of Atlanta Hit with Ransomware Attack
Dark Reading Staff 3/23/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.