The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) on Wednesday announced sweeping sanctions against ten individuals and two entities backed by Iran’s Islamic Revolutionary Guard Corps (IRGC) for their involvement in ransomware attacks since at least October 2020.

The agency said the cyber activity mounted by the individuals is partially attributable to intrusion sets tracked under the names APT35, Charming Kitten, Nemesis Kitten, Phosphorus, and TunnelVision.

“This group has launched extensive campaigns against organizations and officials across the globe, particularly targeting U.S. and Middle Eastern defence, diplomatic, and government personnel, as well as private industries including media, energy, business services, and telecommunications,” the Treasury said.

The Nemesis Kitten actor, which is also known as Cobalt Mirage, DEV-0270, and UNC2448, has come under scrutiny in recent months for its pattern of opportunistic, revenue-generating ransomware attacks that use Microsoft’s built-in BitLocker tool to encrypt files on compromised devices.

Microsoft and Secureworks have characterized DEV-0270 as a subgroup of Phosphorus (aka Cobalt Illusion), with ties to another actor referred to as TunnelVision. The Windows maker also assessed with low confidence that “some of DEV-0270’s ransomware attacks are a form of moonlighting for personal or company-specific revenue generation.”
