Treasury sanctions Iranian actors behind Aliquippa water authority cyberattack

Feb. 6, 2024
Six Iranian officials associated with a cyberattack on the Municipal Water Authority of Aliquippa, Pennsylvania booster station PLC have been sanctions by the U.S. Department of the Treasury.

The U.S. Department of the Treasury announced that it has sanctioned six Iranian officials for the cyberattacks against Unitronics programmable logic controllers (PLCs) used in water infrastructure systems.

The Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned six officials in the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC), an Iranian government organization that the department says is responsible for a series of malicious cyber activities against critical infrastructure in the U.S. and other countries.

The sanctions are in response to the Aliquippa, Pennsylvania cyberattack, which, in Nov. 2023, disabled the local municipal water authority’s booster station PLC. IRGC-affiliated cyber actors hacked and posted images on the screens of PLCs manufactured by Unitronics, an Israeli company.

“The deliberate targeting of critical infrastructure by Iranian cyber actors is an unconscionable and dangerous act,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson. “The United States will not tolerate such actions and will use the full range of our tools and authorities to hold the perpetrators to account.”

Industrial control devices, such as programmable logic controllers, used in water and other critical infrastructure systems, are sensitive targets. Although this particular operation did not disrupt any critical services, unauthorized access to critical infrastructure systems can enable actions that harm the public and cause devastating humanitarian consequences.

Iranian cyber actors previously committed and attempted malicious cyber activities against U.S. critical infrastructure, including ransomware attacks and an attempted operation against Boston Children’s Hospital in 2021. They are also responsible for similar malicious cyber activity targeting European countries and Israel.

The six officials facing sanctions are:

  • Hamid Reza Lashgarian, head of the IRGC-CEC and a commander in the IRGC-Qods Force
  • Mahdi Lashgarian, Hamid Homayunfal, Milad Mansuri, Mohammad Bagher Shirinkar, and Reza Mohammad Amin Saberian, senior officials of the IRGC-CEC.
  • Hamid Reza Lashgarian, Mahdi Lashgarian, Hamid Homayunfal, Milad Mansuri, Mohammad Bagher Shirinkar, and Reza Mohammad Amin Saberian, leaders or officials of the IRGC-CEC.

As a result of the Department of the Treasury’s action, all property and interests in property of the designated officials in the U.S. are blocked and must be reported to OFAC. In addition, any entities that are owned, directly or indirectly, individually or in the aggregate, 50% or more by one or more blocked persons are also blocked.