US Sanctions More Iranians Over Cybercrimes
The US Justice Department charged Wednesday three more Iranian citizens with cyberattacks that targeted power companies, local governments and small businesses and nonprofits.
The US Justice Department charged Wednesday three more Iranian citizens with cyberattacks that targeted power companies, local governments and small businesses and nonprofits.
According to the prosecutors, the suspects targeted hundreds of victims in the US and other countries, encrypting and stealing data from victims’ networks and threatening to release it unless exorbitant ransom payments were made. In some cases, the victims made those payments.
A senior Justice Department official said that the hackers are not believed to have been working on behalf of the Iranian government but instead for their own financial gain, and some of the victims were even in Iran.
The case was filed in federal court in New Jersey, where a municipality in Union County was hacked last year. One of the victims was a domestic violence shelter in Pennsylvania, which – according to the indictment -- was extorted out of $13,000 to recover its hacked data.
In the latest actions as part of the US government’s response to the malicious cyber activities by Iranian actors, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) also sanctioned ten individuals and two entities Wednesday for their roles in malicious cyber acts, including ransomware activity.
The OFAC said all the individuals and entities designated Wednesday are affiliated with Iran’s Revolutionary Guard (IRGC).
Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson said, “We will continue to take coordination action with our global partners to combat and deter ransomware threats, including those associated with the IRGC.”
Iran-sponsored cyberspies have leveled up their techniques, using fake personas of real people to add credibility to the phishing emails designed to deliver malware.
According to a Wednesday report by Security firm Proofpoint, Iran-aligned espionage threat actor TA453 deployed a social engineering impersonation technique, informally called Multi-Persona Impersonation, in mid-2022 in which the threat actor uses at least two stolen or hijacked personas on a single email thread to convince targets of the legitimacy of the campaign. The personas used are real people that the target knows and trusts.
TA453 historically targeted academics, policymakers, diplomats, journalists, and human rights workers, and would engage in one-to-one conversations with the targets but this changed since they started the new technique. For example, the actors included a variety of questions intended to generate a dialogue about Israel, the Persian Gulf States, and the Abraham Accords, while these questions are generally meant to establish a pretext for sending a follow-up credential harvesting link or to deliver a malicious document.
The company’s researchers said they observed the activities of TA453 throughout late 2021 and through 2022 – which overlaps with activity tracked as Charming Kitten, PHOSPHORUS, and APT42 – noting that TA453 innovated its approach in a quest to fulfill its intelligence priorities. In late June 2022, this evolution resulted in campaigns utilizing what Proofpoint calls Multi-Persona Impersonation (MPI), a new subset of impersonation.
The security firm described the method as “an intriguing technique” because it requires more resources be used per target -- potentially burning more personas -- and a coordinated approach among the various personalities in use by TA453.
Iranian President Ebrahim Raisi arrived in the Uzbek city of Samarkand on Wednesday for a summit of the Shanghai Cooperation Organization (SCO).
Welcomed by Uzbekistan's Prime Minister Abdulla Aripov, Raisi and his accompanying delegation are also scheduled to hold meetings with the SCO's heads of state on the sidelines of the summit. Before embarking on the three-day visit, Raisi said he was going to Uzbekistan at the invitation of his Uzbek counterpart Shavkat Mirziyoyev.
"In the first step of developing the neighborhood policy, we were able to strengthen mutual political trust in the region, and in the second step, we are pursuing the effective role of the Islamic Republic of Iran and its active presence in the region," he said.
Iran has been hoping to become a full member of the Shanghai Organization for many years, and at last year's meeting of the organization, it was agreed that Iran would change its status from an observer member to a permanent member. Tehran started a formal process for accession to the bloc in March, and is expected to complete the accession procedure next year.
Becoming a SCO member helps the Islamic Republic take the advantage of using the infrastructure that exists in Asia and in the neighboring countries, Raisi claimed.
Iran's Deputy Foreign Minister for Economic Diplomacy, Mehdi Safari, said on Wednesday that the status of Iran’s membership will be determined after this trip.
Earlier on Wednesday, government's spokesman Ali Bahadori Jahromi said the draft legislation outlining Iran's membership in the organization had been submitted to parliament for approval.
An Argentine judicial chamber has finalized a ruling to allow release of 12 of 19 crew members of a Venezuelan plane grounded on suspicions of ties with Iran’s Revolutionary Guard, a designated terror group.
The Federal Court of Appeals of La Plata in the province of Buenos Aires authorized the 12 crew members' departure on Tuesday and ordered a judge to resolve the investigation into the crew within 10 days.
In August, Federal Judge Federico Villena authorized the departure of 12 of the 19 people who were onboard, ordering four Iranians and three Venezuelans to be retained in Argentina. He said there are still elements to be investigated regarding the Iranian pilot Gholamreza Ghasemi, designated by the Argentine intelligence service as a member of the Revolutionary Guard.
Registered as a Venezuelan cargo plane, the aircraft was previously owned by the Iranian company Mahan Air and transported a group of Iranian officials, including Ghasemi, a senior executive of the airline Qeshm Fars Air and a former board member of Fars Air Qeshm who stands accused of transporting weapons for Hezbollah during the civil war in Syria.
In June, Gerardo Milman, an Argentine lawmaker, told Iran International that Iranians aboard the Venezuelan plane planned “attacks on human targets.” Contrary to Iran’s claim on June 13 that the plane was not owned by an Iranian company, Milman said the pilot was “a senior official of Qods (Quds) force,” Tehran’s extraterritorial intelligence and secret ops outfit listed as a terrorist organization by the United States.
Earlier in September, Captain Ghasemi reiterated the claim that he is a flight instructor and had no ties to the Iranian military except for fighting in the Iran-Iraq War (1980-1988) as a volunteer in the Basij Popular Mobilization Forces.
A US Republican lawmaker told Iran International that Washington is not going to get back to any kind of a deal with Iran and should not let Tehran grow its nuclear capabilities.
Senator Josh Hawley (R-MO) told our correspondent Arash Aalaei on Tuesday that “the Biden administration's approach to Iran is totally misguided. We should not consent to giving Iran any more capability to produce anything on the nuclear front.”
Underlining that the United States is not going to get back to any kind of a deal with Iran, he said, “We're going to keep the strings tight; we're going to keep the pressure on. We don't want to see that region become further destabilized."
“Iran getting a track toward a working nuclear program would be deeply destabilizing,” he added.
Casting aspersions on the Biden administration’s foreign policies, particularly about Iran and Russia, he added that Biden’s policies do not “make any strategic sense,” as they are not good for the US’ “energy security or independence” nor they help “in terms of our military posture in that region.”
He stated that the US should help its allies and partners in the Middle East to do more to stabilize the region so that it can “focus on East Asia and problems with China.”
Emphasizing Iran's terrible record on religious liberty and rights for women, he questioned the administration’s logic of helping “the tyrannical regime” in Tehran and further emboldening them. “They are walking towards a path that would be deeply harmful to the region, to religious minorities and to the cause of freedom of worship and faith. It is dangerous.”
Iran’s government is supposed to double tax collection this year to compensate for lack of oil revenues, putting pressure on businesses that prefer to emigrate.
President Ebrahim Raisi’s hardliner government, that has so far refused to reach an agreement in the nuclear talks with the United States that would lift oil sanctions, has been insisting on collecting more taxes to bridge a budget deficit that is estimated to be at least 50 percent.
Aftab News, a relatively independent website in Tehran, said Wednesday that to compensate for lost oil export revenues the current budget calls for collecting 5.26 quadrillion rial in taxes, (that is 15 zeros).
That is hard to calculate in US dollars since there are a variety of exchange rates in Iran, but the sum is in the neighborhood of $20 billion. That might not seem like a big amount by Western standards, but in rials it is larger than the whole government budget was just three years ago.
Due to a huge fall in rials value, the budget has ballooned from 4.6 to 12 quadrillion rials since 2019.
Davood Manzur, the head of Iran’s tax department recently said that the government has succeeded in collecting 112 percent of scheduled taxes since March 21, the beginning of the Iranian calendar year. The amount cited was around 3 quadrillion rials.
Recently the government has gone after personal bank accounts, saying that if an account has more than 100 deposits in one month totaling to around $1,100, it will be considered tax liable as a commercial account.
Aftab news cited a business leader as saying that Iran has the highest tax collection rate in the Middle East, while Saudi Arabia is establishing tax-free zones to encourage economic growth in non-oil sectors.
While Iran struggles amid continuing US sanctions, with an annual inflation rate of around 50 percent and lack of investments, the growing tax burden is a toxic formula for the private sector.
Donya-e Eghtesad (World of Economy), the best-known business and economy website in Tehran published an article on September 7 about a survey of 40 business leaders and potential about what they thought of the prevailing condition in the country.
An overwhelming majority of 87 percent said they had no clear picture of the future for investments in Iran. Their main concern revolved around decision makers creating “instability”. More than half indicated that they were contemplating to take their capital out of the country, and most have either partially have already moved their businesses to other countries.
A huge exodus of capital to tune of up to $10 billion annually has been taking place, mostly to the United Arab Emirates and Turkey, where Iranians are the largest group of real estate buyers.
The businessmen cited persistent high inflation as a major manifestation of instability, as Iran has been printing money with an accelerated rate since the US imposed sanctions in 2018 after abandoning the nuclear agreement known as the JCPOA.
Higher taxes this year are undoubtedly another manifestation of erratic economic decision making by a government that its own hardliner supporters are now criticizing as inept.
Traditional Bazaar merchants in Tehran and other cities protested in June to the unfavorable economic conditions and specifically to higher taxes.
