US Treasury sanctions Iran-based ransomware group and associated Bitcoin addresses

cointelegraph.com:

The United States Treasury Department’s Office of Foreign Asset Control has added 10 individuals, 2 entities, and several crypto addresses allegedly tied to an Iranian ransomware group to its list of Specially Designated Nationals, effectively making it illegal for U.S. persons and companies to engage with them.

In a Wednesday announcement, the U.S. Treasury said the individuals and companies in the ransomware group were affiliated with Iran’s Islamic Revolutionary Guard Corps, a branch of the country’s military. The group allegedly “conducted a varied range of malicious cyber-enabled activities,” including compromising the systems of a U.S.-based children’s hospital in June 2021 and targeting “U.S. and Middle Eastern defense, diplomatic, and government personnel.”

OFAC listed 7 Bitcoin (BTC) addresses allegedly connected to 2 of the Iranian nationals — Ahmad Khatibi Aghada and Amir Hossein Nikaeed Ravar — as part of its secondary sanctions. According to the Treasury Department, Khatibi has been associated with technology and computer services firm Afkar System — one of two entities sanctioned in the same announcement — since 2007. The governmental department alleged Nikaeed “leased and registered network infrastructure” to assist the ransomware group.

“Ransomware actors and other cybercriminals, regardless of their national origin or base of operations, have targeted businesses and critical infrastructure across the board — directly threatening the physical security and economy of the United States and other nations,” said Brian Nelson, undersecretary of the Treasury for Terrorism and Financial Intelligence. “We will continue to take coordination action with our global partners to combat and deter ransomware threats.”

In a