US imposes sanctions on Iran's intelligence ministry over cyber attacks

Treasury singles out group called MuddyWater, which it accuses of carrying out digital espionage campaigns since 2018

Washington has imposed sanctions on Iran's Ministry of Intelligence and its minister Esmail Khatib, accusing them of being tied to a disruptive July cyber attack on Albania and engaging in other cyber activities against the US and its allies.

The move comes after Albania severed diplomatic relations with Iran on Wednesday over the cyber attack, and ordered Iranian diplomats and embassy staff to leave within 24 hours.

The US Treasury Department said on Friday that Iran's Ministry of Intelligence was responsible for directing several networks of cyber threat actors, including those involved in cyber espionage and ransomware attacks in support of the government in Tehran.

"Iran's cyber attack against Albania disregards norms of responsible peacetime state behaviour in cyber space, which includes a norm on refraining from damaging critical infrastructure that provides services to the public," Treasury Undersecretary for Terrorism and Financial Intelligence Brian Nelson said.

His remarks were echoed by US Secretary of State Antony Blinken.

The Treasury singled out one active Iranian group, MuddyWater, which it said has conducted cyber campaigns since 2018, exploiting foreign network vulnerabilities to steal sensitive data and using ransomware.

"We will not tolerate Iran’s increasingly aggressive cyber activities," Mr Nelson said.

The sanctions seek to freeze any assets those designated might have under US jurisdiction and forbid US residents or companies, including international banks with US operations, from doing business with them, a move aimed at blocking their access to global financial networks.

Iran rejected the sanctions as ineffective and politically motivated.

"Like previous illegal US sanctions against the Ministry of Intelligence, this new label will never be able to create the slightest hinder in the determination of the Iranian people's security servicemen in this proud institution," Iranian state media quoted Foreign Ministry representative Nasser Kanaani as saying.

"The announcement of immediate US support for the Albanian government's false accusation against Iran clearly shows that it is the US government that has designed this scenario against Iran."

Microsoft, whose cyber security research team helped to investigate the incident, said in a blog post on Thursday that the Iranian operation involved a combination of digital espionage techniques, data-wiping malware and online information operations.

The goal of the hackers, according to researchers, appeared to be to embarrass Albanian government officials.

The July attacks temporarily disrupted government websites and other public services. Analysts say the operation was intended to punish Albania for supporting an Iranian dissident group based in the country.

With reporting from Reuters and AFP

Updated: September 10, 2022, 6:52 AM