On Thursday, February 2, the U.S. Department of the Treasury published a press release detailing sanctions placed on six senior officials of the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC), responsible for malicious cyber activities on critical infrastructure.

A Continuation Of Policy

Sanction against Iranian cyber actors is nothing new. In September 2022, the US Treasury has previously placed sanctions on ten individuals and two entities affiliated with the IRGC and their roles in ransomware activity.

Iranian cyber actors are know to have attempted malicious activities on various critical infrastructure, such as an attempted operation against Boston Children’s Hospital in 2021 or an April 2020 attempt to breach Israel’s water and sewage infrastructure.

These sanctions are in response to an incident in Novermber 2023, where IRGC-affiliated cyber actors exploited programmable logic controllers (PLCs) manufactured by the Isreali company Unitronics, affecting water utilities across multiple U.S. states such as the Municipal Water Authority of Aliquippa in western Pennsylvania. The actors gained access to and posted images on the screens of the PLCs.

Sanctioned Officials And Their Legal Basis

“Today’s action is being taken pursuant to the counterterrorism authority Executive Order (E.O.) 13224, as amended. OFAC designated the IRGC-CEC, also known as the IRGC Electronic Warfare and Cyber Defense Organization, pursuant to E.O. 13606 on January 12, 2018, for being owned or controlled by, or acting for or on behalf of, the IRGC, which itself was designated pursuant to E.O. 13224 on October 13, 2017. Today, OFAC is updating the SDN List to identify the IRGC-CEC as the group’s primary name,” said the U.S. Treasury.

The six sanctioned officials are:

• Hamid Reza Lashgarian;  head of the IRGC-CEC and is also a commander in the IRGC-Quds Force
• Mahdi Lashgarian, Hamid Homayunfal, Milad Mansuri, Mohammad Bagher Shirinkar, and Reza Mohammad Amin Saberian; all senior officials of the IRGC-CEC.

With the sanctions in place, all property and interests in property of designated persons within the United States or under U.S. persons’ control are blocked and must be reported to OFAC. Entities owned 50% or more by blocked individuals are also blocked. U.S. persons are prohibited from engaging in transactions involving property or interests in property of designated or blocked persons within the United States or transiting through it. Financial institutions and individuals dealing with sanctioned entities may face sanctions or enforcement actions. Contributions, provision of funds, goods, or services to or from designated persons are also prohibited.