US Sanctions Iranian Cyber Army and Militant Groups That Have Kidnapped Americans

New sanctions come amid mounting concerns Iran will increase offensive cyber operations ahead of the 2024 election

April 23, 2024

The Biden administration on Tuesday issued a bevy of new sanctions on Iran's army of cyberterrorists, as well as several militant groups that are attempting to kidnap Americans abroad.

The measures are part of an effort to combat Iran's cyber warfare campaigns and deter allied terrorist groups from abducting Americans in conflict-ridden regions. The Iran-related sanctions target two companies and four individuals "involved in malicious cyber activity on behalf of, directly or indirectly, the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC)," according to the State Department.

Iran's army of hackers has recently been caught going after "more than a dozen U.S. companies and government entities through cyber operations," the State Department said. These operations come amid mounting concerns that Iran and other malign regimes, such as Russia and China, will increase their offensive cyber operations ahead of the 2024 election—just as they did in 2020, when Tehran-based hackers conducted numerous operations to "intimidate and influence American voters."

The Iranian government has tasked the IRGC-CEC with sabotaging American businesses and conducting "malicious cyber activity against the U.S. and several other countries," the State Department said as it unveiled the measures.

The uptick in Iranian hack attacks comes amid a broader strategy by Tehran to foment regional chaos and draw the United States further into the Middle East conflict. This strategy has included strikes by Iranian proxy groups on U.S. outposts and military positions in the region, including a deadly strike in January by Tehran-allied militants that killed 3 Americans and wounded more than 40 others.

"Iranian malicious cyber actors continue to target U.S. companies and government entities in a coordinated, multi-pronged campaign intended to destabilize our critical infrastructure and cause harm to our citizens," Brian E. Nelson, the undersecretary of the Treasury for terrorism and financial intelligence, said in a separate statement announcing the sanctions. "The United States will continue to leverage our whole-of-government approach to expose and disrupt these networks' operations."

In addition to the sanctions, the Justice Department announced on Thursday that it is charging four Iranian nationals for their role in a "multi-year cyber campaign" targeting U.S. companies, the State Department, and the Treasury Departments.

At least one of the Iranians named in the case admitted to working for the IRGC's electronic warfare and cyber defense unit, indicating that the Iranian government is directing these malicious operations.

A large portion of Iran's cyber campaign has also targeted critical infrastructure in the United States and multiple government entities, according to the Treasury Department.

A separate set of sanctions was issued on two militant groups—Jama'at Nusrat al-Islam wal-Muslimin (JNIM) and al-Murabitoun—for their efforts to kidnap Americans in Africa. Both terror groups have taken Westerners, including Americans, hostage in recent years.

JNIM, in particular, has "claimed responsibility for numerous kidnappings and attacks since its formation in 2017," according to information provided by the State Department. "In addition to ransom from kidnapping, JNIM receives funding from extortion, from smugglers, and from traffickers." Al-Murabitoun employs similar tactics.