WASHINGTON: The US government on Friday imposed sanctions on Iran’s intelligence agency and its leadership in response to malicious cyberattacks on Albanian government computer systems in July.
The Treasury Department’s Office of Foreign Assets Control designated Iran’s Ministry of Intelligence and Security and Esmail Khatib, who heads the ministry, for what it said were cyber-related activities against the US and its allies.
Albania, a NATO member, cut diplomatic ties with Iran and expelled its embassy staff this week over the cyberattack. It was the first known case of a country cutting diplomatic relations over a cyberattack.
The Albanian government has accused Iran of carrying out the July 15 attack, which temporarily shut down numerous Albanian government digital services and websites.
Microsoft, which assisted Albania in investigating the cyberattack, said in a blog post Thursday that it was moderately confident the hackers belong to a group that has been publicly linked to Iran’s Ministry of Intelligence and Security.
It said the attackers were observed operating out of Iran, used tools previously used by known Iranian attackers and had previously targeted “other sectors and countries” consistent with Iranian interests. The destructive malware deployed was also previously used by a “known Iranian actor,” it said.
“Iran’s cyberattack against Albania disregards norms of responsible peacetime State behavior in cyberspace,” Brian Nelson, Treasury’s under secretary for terrorism and financial intelligence, said in a statement.
“We will not tolerate Iran’s increasingly aggressive cyber activities targeting the United States or our allies and partners,” he said.
The ministry was already designated under US sanctions. Iran’s mission to the United Nations in New York did not immediately respond to a request for comment.
The July attacks temporarily disrupted government websites and other public services. Analysts say the operation was intended to punish Albania for supporting an Iranian dissident group based in the country, known as the Mujahedin-e Khalq (MEK).
Iran has disregarded “norms of responsible peacetime state behavior in cyberspace,” Secretary of State Antony Blinken added in a statement.
The Treasury singled out one active Iranian group, dubbed “MuddyWater,” which it said has conducted cyber campaigns since 2018, exploiting foreign network vulnerabilities to steal sensitive data and deploy ransomware.
MuddyWater conducted a sustained cyberattack against Turkish government entities late last year, it said.
In addition to targeting infrastructure, the Iranian hackers were blamed for leaking documents from the government in Tirana and personal information on certain Albanians.
The sanctions seek to freeze any assets those designated might have under US jurisdiction and forbid any US individuals or companies — including international banks with US operations — to do business with them, a move aimed at blocking their access to global financial networks.
Since at least 2007, Iran’s intelligence agency and its proxies have been accused of conducting cyber operations targeting public and private entities around the world.
Treasury, which imposes the sanctions under the authority of an Obama-era executive order targeting people and entities that engage in malicious cyber activities, has been ratcheting up its financial penalties on Iran this year.
This comes as President Joe Biden’s administration has been working to renew the tattered Iran nuclear deal, which placed curbs on Iran’s nuclear program in exchange for billions of dollars in sanctions relief, which Iran insists it has never received.
(With AP, AFP and Reuters)