{
	"id": "65d3d5f0-c844-45ca-9e3b-090d7d918832",
	"created_at": "2026-04-06T00:09:26.341767Z",
	"updated_at": "2026-04-10T03:33:49.4444Z",
	"deleted_at": null,
	"sha1_hash": "18a07903d33c8a04b4a4c3e1ae4104e80acaea82",
	"title": "Treasury Sanctions Actors Responsible for Malicious Cyber Activities on Critical Infrastructure",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 40151,
	"plain_text": "Treasury Sanctions Actors Responsible for Malicious Cyber\r\nActivities on Critical Infrastructure\r\nPublished: 2026-02-13 · Archived: 2026-04-05 17:59:32 UTC\r\nWASHINGTON — Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned\r\nsix officials in the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC), an\r\nIranian government organization responsible for a series of malicious cyber activities against critical infrastructure\r\nin the United States and other countries.\r\n“The deliberate targeting of critical infrastructure by Iranian cyber actors is an unconscionable and dangerous act,”\r\nsaid Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson.  “The United States\r\nwill not tolerate such actions and will use the full range of our tools and authorities to hold the perpetrators to\r\naccount.”\r\nThe United States is taking action against these individuals in response to IRGC-affiliated cyber actors’ recent\r\ncyber operations in which they hacked and posted images on the screens of programmable logic controllers\r\nmanufactured by Unitronics, an Israeli company.  Industrial control devices, such as programmable logic\r\ncontrollers, used in water and other critical infrastructure systems, are sensitive targets.  Although this particular\r\noperation did not disrupt any critical services, unauthorized access to critical infrastructure systems can enable\r\nactions that harm the public and cause devastating humanitarian consequences.\r\nIn this case, the United States, in coordination with the private sector and other affected countries, quickly\r\nremediated the incidents with minimal impacts.  
The United States nevertheless is deeply concerned about the\r\ntargeting of these systems and cautions that cyber operations that intentionally damage or otherwise impair the use\r\nand operation of critical infrastructure to provide services to the public are destabilizing and potentially escalatory.\r\nIranian cyber actors previously committed and attempted malicious cyber activities against U.S. critical\r\ninfrastructure, including ransomware attacks and an attempted operation against Boston Children’s Hospital in\r\n2021.  They are also responsible for similar malicious cyber activity targeting European countries and Israel.\r\nToday’s action is being taken pursuant to the counterterrorism authority Executive Order (E.O.) 13224, as\r\namended. OFAC designated the IRGC-CEC, also known as the IRGC Electronic Warfare and Cyber Defense\r\nOrganization, pursuant to E.O. 13606 on January 12, 2018, for being owned or controlled by, or acting for or on\r\nbehalf of, the IRGC, which itself was designated pursuant to E.O. 13224 on October 13, 2017.  Today, OFAC is\r\nupdating the SDN List to identify the IRGC-CEC as the group’s primary name.\r\nDESIGNATION OF IRGC-CEC SENIOR OFFICIALS\r\nHamid Reza Lashgarian is the head of the IRGC-CEC, and is also a commander in the IRGC-Qods Force. \r\nHamid Reza Lashgarian has been involved in various IRGC cyber and intelligence operations.\r\nMahdi Lashgarian, Hamid Homayunfal, Milad Mansuri, Mohammad Bagher Shirinkar, and Reza\r\nMohammad Amin Saberian are senior officials of the IRGC-CEC.\r\nHamid Reza Lashgarian, Mahdi Lashgarian, Hamid Homayunfal, Milad Mansuri, Mohammad Bagher Shirinkar,\r\nand Reza Mohammad Amin Saberian are designated pursuant to E.O. 
13224, as amended, for being leaders or\r\nofficials of the IRGC-CEC.\r\nSANCTIONS IMPLICATIONS\r\nAs a result of today’s action, all property and interests in property of the designated persons described above that\r\nare in the United States or in the possession or control of U.S. persons are blocked and must be reported to OFAC.\r\nIn addition, any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more\r\nby one or more blocked persons are also blocked. Unless authorized by a general or specific license issued by\r\nOFAC, or exempt, OFAC’s regulations generally prohibit all transactions by U.S. persons or within (or transiting)\r\nthe United States that involve any property or interests in property of designated or otherwise blocked persons. \r\nIn addition, financial institutions and other persons that engage in certain transactions or activities with the\r\nsanctioned entities and individuals may expose themselves to sanctions or be subject to an enforcement action.\r\nThe prohibitions include the making of any contribution or provision of funds, goods, or services by, to, or for the\r\nbenefit of any designated person, or the receipt of any contribution or provision of funds, goods, or services from\r\nany such person. \r\nThe power and integrity of OFAC sanctions derive not only from OFAC’s ability to designate and add persons to\r\nthe SDN List, but also from its willingness to remove persons from the SDN List consistent with the law. The\r\nultimate goal of sanctions is not to punish, but to bring about a positive change in behavior. For information\r\nconcerning the process for seeking removal from an OFAC list, including the SDN List, please refer to OFAC’s\r\nFrequently Asked Question 897 here. 
For detailed information on the process to submit a request for removal from\r\nan OFAC sanctions list, please click here.\r\nClick here for more information on the individuals and entities designated today.\r\n###\r\nSource: https://home.treasury.gov/news/press-releases/jy2072",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://home.treasury.gov/news/press-releases/jy2072"
	],
	"report_names": [
		"jy2072"
	],
	"threat_actors": [
		{
			"id": "b07fec96-80cd-4d92-aa52-a26a0b25b7c2",
			"created_at": "2022-10-25T16:07:23.826594Z",
			"updated_at": "2026-04-10T02:00:04.760416Z",
			"deleted_at": null,
			"main_name": "Madi",
			"aliases": [
				"Mahdi"
			],
			"source_name": "ETDA:Madi",
			"tools": [
				"Madi"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434166,
	"ts_updated_at": 1775792029,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/18a07903d33c8a04b4a4c3e1ae4104e80acaea82.pdf",
		"text": "https://archive.orkl.eu/18a07903d33c8a04b4a4c3e1ae4104e80acaea82.txt",
		"img": "https://archive.orkl.eu/18a07903d33c8a04b4a4c3e1ae4104e80acaea82.jpg"
	}
}