US sanctions two companies and 45 people in Iranian 'cyber threat group'

The sanctions coincided with new measures against Hezbollah funding channels in Lebanon

A handout picture provided by the Iranian presidency on September 2, 2020 shows President Hassan Rouhani chairing a cabinet meeting in Tehran. Rouhani hailed the show of unity by parties to the 2015 nuclear deal, after they opposed US efforts to restore international sanctions.
- === RESTRICTED TO EDITORIAL USE - MANDATORY CREDIT "AFP PHOTO / HO / IRANIAN PRESIDENCY" - NO MARKETING NO ADVERTISING CAMPAIGNS - DISTRIBUTED AS A SERVICE TO CLIENTS ===
/ AFP / Iranian Presidency / Handout / === RESTRICTED TO EDITORIAL USE - MANDATORY CREDIT "AFP PHOTO / HO / IRANIAN PRESIDENCY" - NO MARKETING NO ADVERTISING CAMPAIGNS - DISTRIBUTED AS A SERVICE TO CLIENTS ===

Iranian President Hassan Rouhani chairing a cabinet meeting in Tehran. Iranian Presidency via AFP, HO from I

Sep 17, 2020

The United States imposed sanctions on two Iranian entities and 45 associated individuals who carried out a malware campaign targeting Iranian dissidents, journalists and international travel companies, the US Treasury Department said on Thursday.

The department named one of the entities as Iranian cyber threat group Advanced Persistent Threat 39 and the other as a front company called Rana Intelligence Computing Company (Rana), saying both are owned or controlled by Iran's Ministry of Intelligence and Security (MOIS).

"The Iranian regime uses its Intelligence Ministry as a tool to target innocent civilians and companies, and advance its destabilising agenda around the world," Treasury Secretary Steven Mnuchin said in a statement. "The United States is determined to counter offensive cyber campaigns designed to jeopardise security and inflict damage on the international travel sector."

In a State Department statement, Secretary of State Mike Pompeo called Iran “one of the world’s leading threats to cybersecurity and human rights online.”

The Treasury said the 45 individuals were employed at Rana, serving as managers, programmers and hacking experts, and supported cyber intrusions targeting the networks of international businesses, institutions, air carriers and other targets that the MOIS considered a threat.

A combo picture shows Lebanese Public Works and Transportation Minister Youssef Fenianos entering parliament in Beirut, Lebanon, May 23, 2018, left, and Lebanese former Finance Minister Ali Hassan Khalil arriving at the parliament, in Beirut, Lebanon, July 16, 2019. The U.S. Treasury on Tuesday, Sept. 8, 2020 sanctioned Fenianos, a senior member of the Christian Marada Movement that is allied with Hezbollah and the Syrian government, and Khalil, currently a member of the Lebanese Parliament, saying they "provided material support to Hezbollah and engaged in corruption.” (AP Photo/Hussein Malla)

US sanctions Lebanon companies for funnelling millions to Hezbollah

The Treasury Department said that an FBI advisory, also being released on Thursday, detailed eight separate and distinct sets of malware used by MOIS through Rana to conduct their computer intrusion activities.

It said this is the first time most of these technical indicators have been publicly discussed and attributed to MOIS by the US government. By making the code public, the FBI seeks to hinder MOIS’s ability to continue their campaign, ending the victimisation of thousands of individuals and organisations, the Treasury Department said.

The designation came as the Treasury also sanctioned companies in Lebanon and Hezbollah officials accused of funnelling millions in public money from government contracts to the leadership of the Iran-backed US-designated terror group.