US Treasury sanctions Iran-based ransomware group and associated Bitcoin addresses

Published at: Sept. 14, 2022

The United States Treasury Department’s Office of Foreign Asset Control has added 10 individuals, 2 entities, and several crypto addresses allegedly tied to an Iranian ransomware group to its list of Specially Designated Nationals, effectively making it illegal for U.S. persons and companies to engage with them.

In a Wednesday announcement, the U.S. Treasury said the individuals and companies in the ransomware group were affiliated with Iran’s Islamic Revolutionary Guard Corps, a branch of the country’s military. The group allegedly “conducted a varied range of malicious cyber-enabled activities,” including compromising the systems of a U.S.-based children’s hospital in June 2021 and targeting “U.S. and Middle Eastern defense, diplomatic, and government personnel.”

OFAC listed 7 Bitcoin (BTC) addresses allegedly connected to 2 of the Iranian nationals — Ahmad Khatibi Aghada and Amir Hossein Nikaeed Ravar — as part of its secondary sanctions. According to Treasury, Khatibi has been associated with technology and computer services firm Afkar System — one of two entities sanctioned in the same announcement — since 2007. The government department alleged Nikaeed “leased and registered network infrastructure” to assist the ransomware group.

“Ransomware actors and other cybercriminals, regardless of their national origin or base of operations, have targeted businesses and critical infrastructure across the board — directly threatening the physical security and economy of the United States and other nations,” said Brian Nelson, Under Secretary of the Treasury for Terrorism and Financial Intelligence. “We will continue to take coordination action with our global partners to combat and deter ransomware threats.”

In a coordinated action across the U.S. Government, OFAC designated a dozen Iran-based persons for their roles in malicious cyber acts, including ransomware activity. The U.S., Australia, Canada & the UK are also publishing a joint cyber security advisory. https://t.co/OVnr3jprBA

— Treasury Department (@USTreasury) September 14, 2022

The notice came as the Justice Department announced an indictment against Khatibi, Nikaeed, and Mansour Ahmadi — also one of the individuals listed in OFAC’s sanctions — for allegedly “orchestrating a scheme to hack into the computer networks” of entities and individuals in the United States, including the attacks cited by Treasury. According to the Justice Department, the Iranian ransomware group targeted a New Jersey-based accounting firm in February 2022, having Khatibi demand $50,000 in cryptocurrency in exchange for not selling the company's data on the black market.

Related: Monero’s crypto of choice as ransomware ‘double extortion’ attacks increase 500%

On Aug. 8, OFAC added more than 40 cryptocurrency addresses connected to controversial mixer Tornado Cash to its list of Specially Designated Nationals, prompting criticism from many figures in and out of the space. Treasury clarified on Tuesday that U.S. persons and entities were not prohibited from sharing Tornado Cash’s code, but also required a special license to complete transactions initiated before the sanctions were imposed or make withdrawals.

Tags
Regulation
United States
Sanctions
Ransomware
Iran
Related Posts
US Treasury Dept sanctions crypto OTC broker Suex for alleged role in facilitating transactions for ransomware attacks
The United States Department of the Treasury has announced it will impose sanctions on the Czech Republic and Russia-based business Suex OTC for allegedly allowing hackers to access cryptocurrency sent as payment for ransomware attacks. In an advisory update issued on Tuesday, the Treasury Department Office of Foreign Assets Control, or OFAC, added Suex OTC to its list of Specially Designated Nationals for which “assets are blocked and U.S. persons are generally prohibited from dealing with them.” The government agency listed Suex OTC’s offices in Moscow and Prague, as well as its website and 25 crypto addresses for Ether (ETH), …
Regulation / Sept. 21, 2021
Iran One-Ups the United States? Tehran Seeks Crypto Mining Dominance
Crypto mining in Iran is set to become even bigger with the government giving the green light for power plants to mine cryptocurrencies like Bitcoin (BTC). The news is the latest piece of positive development on the virtual currency mining front to come out of the country in the last year. Since legalizing crypto mining back in July 2019, Iranian authorities have sought to ensure market participants operate only after obtaining the required licenses. By allowing power plants to engage in cryptocurrency mining, Iran is joining other emerging hubs as the global “hash wars” gathers pace. Iran has seen an …
Bitcoin / Aug. 7, 2020
US officials seize $6.1M in crypto from ransomware actors, adds Chatex to sanctions list
The United States Department of the Treasury has announced it will impose sanctions on the cryptocurrency exchange Chatex and its support network for allegedly facilitating transactions for ransomware actors. In an advisory update issued on Nov. 8, the Treasury Department Office of Foreign Assets Control, or OFAC, added Chatex as well as IZIBITS OU, Chatextech SIA, and Hightrade Finance to its list of entities sanctioned by the U.S. government. The department claimed Chatex has “direct ties” with Czech Republic and Russia-based business Suex OTC, which it sanctioned in September. According to OFAC, Chatex has helped facilitate transactions for ransomware groups, …
Regulation / Nov. 8, 2021
Proactive sanctions can help spare the ecosystem: Chainalysis exec
As many countries, entities and even individuals face international sanctions, the crypto industry seeks to find its place among increasing regulations. Digital currencies have often been mentioned as an avenue for those subject to sanctions to divert them, such as in the recent case of Russia. In such instances, exchanges and other industry players need to understand where they stand compliance-wise. Research out of Harvard even suggested that central banks can use Bitcoin (BTC) to fight off sanctions. Speaking to Cointelegraph's managing editor Alex Cohen at the Israel Crypto Conference, Chainalysis head of sanctions Andrew Fierman said sanctions are nuanced …
Blockchain / Dec. 7, 2022
Enforcement goes on with Bitzlato action — Law Decoded, Jan. 16-23.
The good news of the last week is that Bitcoin (BTC) continued to review, making around 10% up from Jan.16 to Jan. 23. But it has yet to change a worrying trend of crypto companies making headlines due to their troubles with the law. The United States Department of Justice launched a “major international cryptocurrency enforcement action” against China-based crypto firm Bitzlato and arrested its founder, Anatoly Legkodymov. The enforcers consider Bitzlato to be a “primary money laundering concern” connected to Russian illicit finance. While the exchange attracted little attention until the DOJ action, it had received $206 million from …
Regulation / Jan. 23, 2023