{ "id": "ec9e8d73-fdf3-49f3-a59b-935f8e27ac53", "created_at": "2026-04-06T00:12:31.761803Z", "updated_at": "2026-04-10T03:34:24.819738Z", "deleted_at": null, "sha1_hash": "67e81e6f5387ad321ca99a10f58ed35be151cd53", "title": "Treasury Sanctions Entities in Iran and Russia That Attempted to Interfere in the U.S. 2024 Election", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 51136, "plain_text": "Treasury Sanctions Entities in Iran and Russia That Attempted to\r\nInterfere in the U.S. 2024 Election\r\nPublished: 2026-02-13 · Archived: 2026-04-05 20:40:44 UTC\r\nWASHINGTON – Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) is\r\ndesignating a subordinate organization of Iran’s Islamic Revolutionary Guard Corps (IRGC), and a Moscow-based\r\naffiliate organization of the Russian Main Intelligence Directorate (GRU) and its director pursuant to Executive\r\nOrder (E.O.) 13848, the U.S. election interference authority. As affiliates of the IRGC and GRU, these actors\r\naimed to stoke socio-political tensions and influence the U.S. electorate during the 2024 U.S. election. Today’s\r\nactions build on sanctions previously imposed on the IRGC, the GRU, and their numerous subordinate and proxy\r\norganizations, pursuant to several authorities targeting the proliferation of weapons of mass destruction and\r\nmalicious cyber-enabled activities.\r\n“The Governments of Iran and Russia have targeted our election processes and institutions and sought to divide\r\nthe American people through targeted disinformation campaigns,” said Acting Under Secretary of the Treasury for\r\nTerrorism and Financial Intelligence Bradley T. Smith. “The United States will remain vigilant against adversaries\r\nwho would undermine our democracy.”  \r\nTEHRAN’S MALIGN INFLUENCE AND ELECTION INTERFERENCE ACTIVITIES\r\nIn the summer of 2024, a joint U.S. government statement announced that the Government of Iran sought to stoke\r\ndiscord and undermine confidence in the United States’ democratic institutions, using social engineering and other\r\nefforts to gain access to individuals with direct access to the presidential campaigns of both parties. Such\r\nactivities, including thefts and disclosures of private information, are intended to influence the U.S. electoral\r\nprocess. Following this announcement, on September 27, 2024, OFAC designated pursuant to E.O. 13848 an\r\nIranian national and IRGC member who compromised several accounts of officials and advisors of a 2024\r\npresidential campaign. OFAC also designated five employees of the Iranian cybersecurity firm Emennet Pasargad,\r\nformerly known as Net Peygard Samavat Company, which OFAC designated in November 2021 pursuant to\r\nE.O. 13848 for attempting to influence the U.S. 2020 presidential election. \r\nIRGC SUBSIDIARY ORGANIZATION’S INFLUENCE OPERATIONS\r\nThe Cognitive Design Production Center (CDPC) is a subsidiary organization of the IRGC. Since at least 2023,\r\nCDPC planned influence operations designed to incite socio-political tensions among the U.S. electorate in the\r\nlead up to the 2024 U.S. elections, on behalf of the IRGC. \r\nOFAC is designating CDPC pursuant to E.O 13848 for being owned or controlled by, or having acted or purported\r\nto act for or on behalf of, directly or indirectly, the IRGC, a person whose property and interests in property are\r\nblocked pursuant to E.O. 13848. \r\nMOSCOW’S MALIGN INFLUENCE AND ELECTION INTERFERENCE ACTIVITIES\r\nhttps://home.treasury.gov/news/press-releases/jy2766\r\nPage 1 of 3\n\nThe Government of the Russian Federation employs an array of tools, including covert foreign malign influence\r\ncampaigns and illicit cyber activities, to undermine the national security and foreign policy interests of the United\r\nStates and its allies and partners globally. Moscow also routinely uses its intelligence services, government-directed proxies, and covert influence tools in these efforts. The Kremlin has increasingly adapted its efforts to\r\nhide its involvement by developing a vast ecosystem of Russian proxy websites, fake online personas, and front\r\norganizations that give the false appearance of being independent news sources unconnected to the Russian state. \r\nToday’s designations follow prior OFAC actions that have highlighted and disrupted Russia’s global malign\r\ninfluence campaigns, including RT, RaHDit, RRN, and Doppelgänger influence operations; Kremlin-directed\r\nmalign influence efforts; interference in U.S. elections; efforts to subvert democracy in Moldova; destabilization\r\nactivities in Ukraine; and the operation of outlets controlled by Russian intelligence services.\r\nGRU-AFFILIATED ENTITY USES ARTIFICIAL INTELLIGENCE TOOLS TO INTERFERE\r\nIN THE U.S. 2024 ELECTION\r\nThe Moscow-based Center for Geopolitical Expertise (CGE), founded by OFAC-designated Aleksandr Dugin,\r\ndirects and subsidizes the creation and publication of deepfakes and circulated disinformation about candidates in\r\nthe U.S. 2024 general election. CGE personnel work directly with a GRU unit that oversees sabotage, political\r\ninterference operations, and cyberwarfare targeting the West. Since at least 2024, a GRU officer and CGE affiliate\r\ndirected CGE Director Valery Mikhaylovich Korovin (Korovin) and other CGE personnel to carry out various\r\ninfluence operations targeting the U.S. 2024 presidential election. \r\nAt the direction of, and with financial support from, the GRU, CGE and its personnel used generative AI tools to\r\nquickly create disinformation that would be distributed across a massive network of websites designed to imitate\r\nlegitimate news outlets to create false corroboration between the stories, as well as to obfuscate their Russian\r\norigin. CGE built a server that hosts the generative AI tools and associated AI-created content, in order to avoid\r\nforeign web-hosting services that would block their activity. The GRU provided CGE and a network of U.S.-based\r\nfacilitators with financial support to: build and maintain its AI-support server; maintain a network of at least 100\r\nwebsites used in its disinformation operations; and contribute to the rent cost of the apartment where the server is\r\nhoused. Korovin played a key role in coordinating financial support from the GRU to his employees and U.S.-\r\nbased facilitators. \r\nIn addition to using generative AI to construct and disseminate disinformation targeting the U.S. electorate in the\r\nlead up to the U.S. 2024 general election, CGE also manipulated a video it used to produce baseless accusations\r\nconcerning a 2024 vice presidential candidate in an effort to sow discord amongst the U.S. electorate. \r\nToday, OFAC is designating CGE and Korovin pursuant to E.O. 13848 for having directly or indirectly engaged\r\nin, sponsored, concealed, or otherwise been complicit in foreign malign influence in the 2024 U.S. election.\r\nAdditionally, OFAC is designating CGE pursuant to E.O. 13694, as amended, E.O. 14024, and section 224 of the\r\nCountering America’s Adversaries Through Sanctions Act of 2017 (CAATSA) for being owned or controlled by,\r\nor having acted or purported to act for or on behalf of, directly or indirectly, the GRU, a person whose property\r\nand interests in property are blocked pursuant to E.O. 13694, as amended, E.O. 14024, and section 224 of\r\nCAATSA.  OFAC is also designating Korovin pursuant to E.O. 14024 for being or having been a leader, official,\r\nhttps://home.treasury.gov/news/press-releases/jy2766\r\nPage 2 of 3\n\nsenior executive officer, or member of the board of directors of CGE, a person whose property and interests in\r\nproperty are blocked pursuant to E.O. 14024. \r\nSANCTIONS IMPLICATIONS\r\nAs a result of today’s action, all property and interests in property of the designated persons described above that\r\nare in the United States or in the possession or control of U.S. persons are blocked and must be reported to OFAC.\r\nIn addition, any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more\r\nby one or more blocked persons are also blocked. Unless authorized by a general or specific license issued by\r\nOFAC, or exempt, OFAC’s regulations generally prohibit all transactions by U.S. persons or within (or transiting)\r\nthe United States that involve any property or interests in property of designated or otherwise blocked persons. \r\nIn addition, financial institutions and other persons that engage in certain transactions or activities with the\r\nsanctioned individuals may expose themselves to sanctions or be subject to an enforcement action. The\r\nprohibitions include the making of any contribution or provision of funds, goods, or services by, to, or for the\r\nbenefit of any designated person, or the receipt of any contribution or provision of funds, goods, or services from\r\nany such person.\r\nNon-U.S. persons are also prohibited from causing or conspiring to cause U.S. persons to violate U.S. sanctions,\r\nwittingly or unwittingly, as well as engage in conduct that evades U.S. sanctions. OFAC’s Economic Sanctions\r\nEnforcement Guidelines provide more information regarding OFAC’s enforcement of U.S. sanctions, including\r\nthe factors that OFAC generally considers when determining an appropriate response to an apparent violation. \r\nThe power and integrity of OFAC sanctions derive not only from OFAC’s ability to designate and add persons to\r\nthe SDN List, but also from its willingness to remove persons from the SDN List consistent with the law. The\r\nultimate goal of sanctions is not to punish, but to bring about a positive change in behavior. For information\r\nconcerning the process for seeking removal from an OFAC list, including the SDN List, please refer to OFAC’s\r\nFrequently Asked Question 897 here. For detailed information on the process to submit a request for removal from\r\nan OFAC sanctions list, please click here\r\nClick here for more information on the individuals designated today.\r\n###\r\nSource: https://home.treasury.gov/news/press-releases/jy2766\r\nhttps://home.treasury.gov/news/press-releases/jy2766\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://home.treasury.gov/news/press-releases/jy2766" ], "report_names": [ "jy2766" ], "threat_actors": [ { "id": "d90307b6-14a9-4d0b-9156-89e453d6eb13", "created_at": "2022-10-25T16:07:23.773944Z", "updated_at": "2026-04-10T02:00:04.746188Z", "deleted_at": null, "main_name": "Lead", "aliases": [ "Casper", "TG-3279" ], "source_name": "ETDA:Lead", "tools": [ "Agentemis", "BleDoor", "Cobalt Strike", "CobaltStrike", "RbDoor", "RibDoor", "Winnti", "cobeacon" ], "source_id": "ETDA", "reports": null }, { "id": "9a11c31f-ebed-4b8d-9a5a-b3c842bfe293", "created_at": "2024-09-20T02:00:04.58523Z", "updated_at": "2026-04-10T02:00:03.700883Z", "deleted_at": null, "main_name": "RaHDit", "aliases": [ "Russian Angry Hackers Did It" ], "source_name": "MISPGALAXY:RaHDit", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "07131850-5161-48b8-98be-6b0271d44d0e", "created_at": "2024-01-23T13:22:35.085803Z", "updated_at": "2026-04-10T02:00:03.521854Z", "deleted_at": null, "main_name": "Cotton Sandstorm", "aliases": [ "Emennet Pasargad", "Holy Souls", "MARNANBRIDGE", "NEPTUNIUM", "HAYWIRE KITTEN" ], "source_name": "MISPGALAXY:Cotton Sandstorm", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434351, "ts_updated_at": 1775792064, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/67e81e6f5387ad321ca99a10f58ed35be151cd53.pdf", "text": "https://archive.orkl.eu/67e81e6f5387ad321ca99a10f58ed35be151cd53.txt", "img": "https://archive.orkl.eu/67e81e6f5387ad321ca99a10f58ed35be151cd53.jpg" } }