OFAC has designated 2 Iranian nationals, Ali Khorashadizadeh and Mohammad Ghorbaniyan, “who helped exchange digital currency (bitcoin) ransom payments into Iranian rial on behalf of Iranian malicious cyber actors involved with the SamSam ransomware scheme”. For the first time, OFAC has also publicly identified 2 digital currency addresses associated with these 2 individuals, in which over 7000 bitcoin transactions (worth millions of US dollars) were processed through. These cyber-related designations were made pursuant to Executive Order 13694, which imposes US asset freezes and travel bans, and could subject others to secondary sanctions if they engage in transactions with the 2 listed individuals. See OFAC Notice, US Treasury Press Release, and Two New Digital Currency-Related FAQs.
In April 2014, the US adopted Executive Order (EO) 13664, which declared a national emergency in respect of South Sudan (for activities that threatened the peace, security, or stability of South Sudan and the surrounding region). That EO imposed a number of asset freezing measures and travel restrictions.
On 27 March 2018, US President Trump extended for 1 year the sanctions contained in EO 13664 by continuing the national emergency as declared. White House Notice here.
Significant Malicious Cyber-Enabled Activities:
In April 2015, the US adopted EO 13694 (as amended by EO 13757, December 2016), which declared a national emergency in respect of those engaging in ‘Significant Malicious Cyber-Enabled Activities” (malicious cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the US). That EO imposed a number of asset freezing measures and travel restrictions.
On 27 March 2018, US President Trump extended for 1 year the sanctions contained in EO 13694 by continuing the national emergency as declared. White House Notice here.
The US has charged 9 Iranians with conducting a massive cybertheft campaign on behalf of Iran’s Islamic Revolutionary Guard Corps, and imposed sanctions on them, a related company, and one other. In the Department of Justice’s press release, Deputy Attorney General Rod Rosenstein accused the 9 people of stealing “more than 31 terabytes of documents and data from more than 140 American universities, 30 American companies, 5 American government agencies, and also more than 176 universities in 21 foreign countries. He added that in many cases they acted “at the behest of the Iranian government”.
As a result of the sanctions, the assets of the Mabna Institute, the 9 Iranians connected to it, and Behzad Mesri, who is the subject of a US indictment announced in November 2017 for cybertheft, are frozen and US people are generally prohibited from doing business with them. The US Treasury’s press release is here, and the details of the sanctions are here.
The EU Council has agreed to develop a framework for a joint EU diplomatic response to malicious cyber activities, which will if necessary include new sanctions measures under the CFSP. The EU’s agreement is a response to what it says is “the increased ability and willingness of state and non-state actors to pursue their objectives through malicious cyber activities”, and it said that states “should not knowingly allow their territory to be used for internationally wrongful acts using Information and Communication Technologies”. The Council’s press release is here.