The United States has intensified its efforts to combat cyber threats by offering a substantial reward for information leading to the identification or location of individuals involved in malicious cyber activities against U.S. critical infrastructure.
The move comes as part of a broader strategy to counter cyber threats from foreign entities.
Rewards for Justice Program
According to a tweet from the U.S. Department of State’s Rewards for Justice program, a reward of up to $10 million is being offered for information on individuals who, acting under the direction or control of a foreign government, participate in cyber activities that violate the Computer Fraud and Abuse Act.
This initiative underscores the U.S. government’s commitment to safeguarding its critical infrastructure from cyber threats.
This reward focuses on the CyberAv3ngers, a hacking group affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC). This group has been linked to cyberattacks targeting programmable logic controllers (PLCs) used in various industries, including water and wastewater, energy, and healthcare.
Key Figures and Sanctions
Several Iranian security officials have been linked to these malicious activities. Among them is Hamid Reza Lashgarian, the head of the IRGC’s Cyber-Electronic Command (IRGC-CEC), who also serves as a commander in the IRGC-Qods Force.
The U.S. Department of the Treasury has sanctioned Lashgarian, along with Hamid Homayunfal, Mahdi Lashgarian, Milad Mansuri, Reza Mohammad Amin Siberian, and Mohammad Bagher Shirinkar.
These individuals have been designated as Specially Designated Nationals under Executive Order 13224, which targets leaders or officials of the IRGC-CEC for their involvement in cyber and intelligence operations.
As a result, all property and interests in property of these individuals within the United States are blocked, and U.S. persons are generally prohibited from engaging in transactions with them.
CyberAv3ngers’ Activities
The CyberAv3ngers group has been active in targeting Israeli-made PLCs, compromising their default credentials, and leaving provocative messages on the devices.
In October 2023, they claimed responsibility for cyberattacks against Israeli PLCs on their Telegram channel. Since November 2023, these activities have extended to the United States, where compromised devices displayed messages such as, “You have been hacked, down with Israel.”
The U.S. government’s response to these cyber threats highlights the increasing importance of international cooperation and intelligence sharing in addressing cybersecurity challenges.
By offering financial incentives for information, the U.S. aims to disrupt the activities of these hacking groups and protect its critical infrastructure from further attacks.