Connect with us

Hi, what are you looking for?


Malware & Threats

US Slaps Sanctions on ‘Dangerous’ Iranian Hackers Linked to Water Utility Hacks 

The US government slaps sanctions against six Iranian government officials linked to cyberattacks against Israeli PLC vendor Unitronics.

Iranian hackers

The US government on Friday announced sanctions against six Iranian government officials caught launching cyberattacks against Israeli PLC vendor Unitronics.

The Treasury Department said the six officials are part of the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC), a Tehran organization “responsible for a series of malicious cyber activities against critical infrastructure in the United States and other countries.”

“The United States is taking action against these individuals in response to IRGC-affiliated cyber actors’ recent cyber operations in which they hacked and posted images on the screens of programmable logic controllers manufactured by Unitronics, an Israeli company,” the Justice Department said.

The sanctioned Iranian government officials include:

  • Hamid Reza Lashgarian, head of the IRGC-CEC and commander in the IRGC-Qods Force. Lashgarian has been involved in various IRGC cyber and intelligence operations.
  • Mahdi Lashgarian, Hamid Homayunfal, Milad Mansuri, Mohammad Bagher Shirinkar, and Reza Mohammad Amin Saberian are senior officials of the IRGC-CEC.

The US government said Iranian hacking teams have been linked to the “deliberate targeting of critical infrastructure,” ransomware attacks against a US hospital, and similar malicious cyber activity targeting European countries and Israel.

“Industrial control devices, such as programmable logic controllers, used in water and other critical infrastructure systems, are sensitive targets. Although this particular operation did not disrupt any critical services, unauthorized access to critical infrastructure systems can enable actions that harm the public and cause devastating humanitarian consequences,” the agency added.

“The deliberate targeting of critical infrastructure by Iranian cyber actors is an unconscionable and dangerous act,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian Nelson.  “The United States will not tolerate such actions and will use the full range of our tools and authorities to hold the perpetrators to account.”

The sanctions come roughly two months after hackers linked to the Iranian government hijacked ICS at the Municipal Water Authority of Aliquippa in Pennsylvania and water utilities in multiple other states around the US.

Related: ICS at Multiple US Water Facilities Targeted by Hackers Affiliated With Iranian Government

Advertisement. Scroll to continue reading.

Related: US Sanctions Two ISIS-Affiliated ‘Cybersecurity Experts’

Related: US Sanctions Russian National for Ransomware Money Laundering

Related: US, UK Slap Sanctions on Trickbot Cybercrime Gang

Related: US Sanctions North Korean Cyberespionage Group Kimsuky

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...


Ask any three people to define cyberwar and you will get three different answers. But as global geopolitics worsen and aggressive cyberattacks increase, this...

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.