US sanctions 7 Iranians and a security firm for role in cyberattacks targeting its financial system

The US government sanctioned seven Iranian nationals and a private Iran-based computer security firm over their role in coordinated cyberattacks targeting the US financial system.

The US Treasury Department announced the sanctions on Thursday, 14 September on 11 entities and individuals for "engaging in support of designated Iranian actors or malicious cyber-enabled activity" in support of Iran's Islamic Revolutionary Guard Corps (IRGC).

Those sanctioned included private computer security company ITSec Team that allegedly planned and launched distributed denial of service (DDoS) attacks against at least nine large US financial institutions, including top banks and stock exchanges, between 2011 and 2012.

The Treasury's Office of Foreign Assets Control said ITSec did work on behalf of the Iranian government during the same time frame as well.

The Trump administration also sanctioned three Iranian nationals allegedly linked to ITSec. One individual named Ahmad Fathi supervised and coordinated the company's DDoS attacks against the finance sector. A computer hacker named Amin Shokohi - who worked for the firm - helped build the botnet used in the DDoS attacks while Hamid Firoozi, a network manager at ITSec, procured computer servers for the botnet.

The Treasury also announced sanctions on four Iranian nationals working for another private computer security firm called Mersad Co. "for causing a significant disruption to the availability of a computer or network of computers." Mersad has been affiliated with the IRGC.

Collectively, both companies were accused of coordinating DDoS attacks against 46 major companies, primarily within the US financial sector, between December 2011 and May 2013.

The seven individuals named were indicted by the Justice Department in March last year over their role in the cyberattacks between late 2011 and mid-2013 that cost banks tens of millions of dollars in remediation costs.

"These attacks, which occurred on more than 176 days, disabled victim bank websites, prevented customers from accessing their accounts online, and collectively cost the banks tens of millions of dollars in remediation costs as they worked to neutralize and mitigate the attacks on their servers," the Justice department said at the time.

Although the DDoS attacks did damage and disrupted businesses and affected customers' ability to do online banking, the cyberattacks did not result in the theft of customer data, officials said.

"Treasury will continue to take strong actions to counter Iran's provocations, including support for the IRGC-Qods Force and terrorist extremists, the ongoing campaign of violence in Syria, and cyber-attacks meant to destabilize the U.S. financial system," Treasury Secretary Steven T. Mnuchin said in a statement.