On September 14, the U.S. Treasury sanctioned 11 entities and individuals for supporting Iran’s Revolutionary Guard Corps or networks responsible for cyber-attacks against the United States. “These sanctions target an Iranian company providing material support to the IRGC’s ballistic missile program, airlines that support the transport of fighters and weapons into Syria, and hackers who execute cyber-attacks on American financial institutions,” said Treasury Secretary Steven T. Mnuchin. The move by the Treasury Department came on the same day that the administration extended sanctions waivers for Iran as part of the nuclear deal.
On the same day, Secretary of State Rex Tillerson condemned Iran’s behavior in the region. Iran is “threatening, not ensuring but threatening, the security of those in the region as well as the United States itself," Tillerson stressed at a press conference in London. “President Trump has made it clear to those of us who are helping him develop this policy that we must take into account the totality of Iranian threats, not just Iran’s nuclear capabilities; that is one piece of our posture towards Iran,” he said.
The administration is nearly done with its Iran policy review after nearly six months, said Joel Rayburn, a who covers Iran at the National Security Council. He told journalists on a call that the president has not made a final decision on the new policy. Trump, who promised to tear up the nuclear deal during his campaign, has taken an aggressive approach towards Iran since taking office in January. In February, the administration put Iran “on notice.” The United States has imposed sanctions on dozens of individuals and entities for connections to Iran’s ballistic missile program, support for terror or human rights abuses.
The next milestone for the nuclear deal is in mid-October. The administration must notify Congress every 90 days whether Iran is complying with the deal and if the United States will continue to waive nuclear sanctions. Trump, however, hinted in an interview with The Wall Street Journal that he may not certify Iran’s compliance with the deal in mid-October. "They have violated so many different elements, but they’ve also violated the spirit of that deal. And you will see what we'll be doing in October," he told a press gaggle on September 14. The following is a press release outlining the new Iran-related sanctions from the U.S. Department of the Treasury with remarks from Trump and Tillerson.
September 14, 2017
Treasury Targets Supporters of Iran’s Islamic Revolutionary Guard Corps and Networks Responsible for Cyber-Attacks Against the United States
Washington – Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) designated 11 entities and individuals for engaging in support of designated Iranian actors or malicious cyber-enabled activity. The persons sanctioned in today’s actions include one entity engaging in activities in support of Iran’s Islamic Revolutionary Guard Corps (IRGC) ballistic missile program; two Ukraine-based entities providing support to designated airlines, including one affiliated with the IRGC-Qods Force (IRGC-QF); and two Iran-based networks responsible for malicious cyber-enabled attacks against the U.S. financial system. Today’s actions were taken pursuant to Executive Order (E.O.) 13382, which targets proliferators of weapons of mass destruction and their means of delivery and their supporters; E.O. 13224, which targets terrorists and those providing support to terrorists and acts of terrorism; and E.O. 13694, which targets persons engaging in significant malicious cyber-enabled activities.
“Treasury will continue to take strong actions to counter Iran’s provocations, including support for the IRGC-Qods Force and terrorist extremists, the ongoing campaign of violence in Syria, and cyber-attacks meant to destabilize the U.S. financial system,” said Treasury Secretary Steven T. Mnuchin. “These sanctions target an Iranian company providing material support to the IRGC’s ballistic missile program, airlines that support the transport of fighters and weapons into Syria, and hackers who execute cyber-attacks on American financial institutions.”
As a result of today’s actions, all property and interests in property of those designated subject to U.S. jurisdiction are blocked, and U.S. persons are generally prohibited from engaging in transactions with them. In addition, foreign financial institutions that facilitate significant transactions for, or persons that provide material or certain other support to, the entities and individuals designated today risk exposure to sanctions that could sever their access to the U.S. financial system or block their property and interests in property under U.S. jurisdiction.
Sadid Caran Saba Engineering Company (SABA)
Today, OFAC sanctioned Iran-based SABA for proliferation activities related to Iran’s ballistic missile program. SABA has provided, or attempted to provide, financial, material, technological, or other support for, or goods or services in support of, the IRGC. The IRGC was designated pursuant to E.O. 13382 on October 25, 2007, for being a key Iranian entity of proliferation concern. The IRGC has been outspoken about its willingness to proliferate ballistic missiles.
Since at least 2014, SABA has entered into contracts to procure and install numerous, multi-ton explosion-proof crane systems for the IRGC Research and Self-Sufficiency Jehad Organization (RSSJO). The RSSJO, which is responsible for researching and developing ballistic missiles on behalf of the IRGC, was designated pursuant to E.O. 13382 on July 18, 2017.
Khors Aircompany and Dart Airlines
OFAC also designated Ukraine-based Khors Aircompany and Dart Airlines pursuant to the global terrorism E.O. 13224 for aiding designated Iranian and Iraqi airlines through the provision of aircraft and services. Both Khors Aircompany and Dart Airlines help Iran’s Caspian Air and Iraq’s Al-Naser Airlines procure U.S.-origin aircraft, as well as crew and services.
Iran-based Caspian Air was designated pursuant to E.O. 13224 on August 29, 2014, for providing support to IRGC elements by transporting personnel and illicit material, including weapons, from Iran to Syria. Al-Naser Airlines was designated pursuant to E.O. 13224 on May 21, 2015, for transferring at least eight Airbus A340 and one Airbus A320 aircraft to Mahan Air in Iran. Iranian airline Mahan Air was designated pursuant to E.O. 13224 on October 12, 2011, for providing financial, material, and technological support to the IRGC-QF.
Khors Aircompany provides material support and services to Caspian Air through a sub-wet-lease of a U.S.-origin aircraft. As recently as late 2016, Khors Aircompany provided material support and services to Al-Naser Airlines through the sub-wet-lease of a separate aircraft. A wet lease is any leasing arrangement whereby a person agrees to provide an entire aircraft and at least one crew member.
Dart Airlines is being designated for providing material support and services to Caspian Air through sub-wet-leases of U.S.-origin aircraft. Dart Airlines has also previously provided the sub-wet-lease of separate U.S.-origin aircraft to Al-Naser Airlines. Additionally, Khors Aircompany provided the wet lease and sale of multiple aircraft worth millions of dollars and services related to aircraft leases to Mahan Air. Dart Airlines has also provided to Mahan Air U.S.-origin aircraft and parts, which Dart Airlines procured through front companies.
ITSec Team and Mersad Co. Associated Individuals
OFAC designated private Iranian computer security company ITSec Team pursuant to E.O. 13694 for causing a significant disruption to the availability of a computer or network of computers. Between approximately December 2011 and December 2012, ITSec Team planned and executed distributed denial of service (DDoS) attacks against at least nine large U.S. financial institutions, including top U.S. banks and U.S. stock exchanges. During that time, ITSec Team performed work on behalf of the Iranian Government, including the IRGC.
OFAC also designated three Iranian nationals for acting for or on behalf of ITSec Team. Ahmad Fathi was responsible for supervising and coordinating ITSec Team’s DDoS attacks against the U.S. financial sector. Amin Shokohi, a computer hacker who worked for ITSec Team, helped build the botnet that ITSec Team used in its DDoS attacks against U.S. financial institutions. Hamid Firoozi, a network manager at ITSec Team, procured computer servers for the botnet that ITSec Team used in its DDoS activities targeting the U.S. financial sector.
Additionally, OFAC today designated four Iranian nationals pursuant to E.O. 13694 for causing a significant disruption to the availability of a computer or network of computers while working for Mersad Co., a private computer security company based in Iran that was affiliated with the IRGC.
Sadegh Ahmadzadegan was responsible for managing the Mersad Co. botnet, which was used to target 24 corporations in the U.S. financial sector during DDoS attacks in 2012 and 2013. Sina Keissar, along with others at Mersad Co., placed malicious computer scripts on compromised computers and computer servers within the Mersad Co. botnet that performed several functions during those DDoS attacks against the U.S. financial sector. Keissar also procured U.S.-based computer servers used by Mersad Co. to access and manipulate the Mersad Co. botnet and performed preliminary testing of the same botnet prior to its use in the DDoS attacks. Omid Ghaffarinia, along with others at Mersad Co., developed malware and computer scripts, which they installed on the compromised computers and computer servers that constituted the Mersad Co. botnet, which allowed for remote access and control of the compromised computers. Nader Saedi, along with others at Mersad Co., planned and assisted in the same DDoS attacks. Saedi wrote computer scripts used to locate and exploit vulnerable servers to help build the Mersad Co. botnet used in the attacks.
On March 24, 2016, the Department of Justice announced that a grand jury in the Southern District of New York indicted the seven ITSec Team and Mersad Co. associated individuals being designated today.
For the Department of Justice press release, click here.
For more information on the individuals and entities designated today, click here.
President Donald Trump
Question: Of the Iran deal. I'm wondering if you will be announcing, or if you can tell us, give us a hint about whether you will make any decisions about adding more sanctions on Iran or even pulling out.
THE PRESIDENT: You'll see what I'm going to be doing very shortly in October. But I will say this: The Iran deal is one of the worst deals I've ever seen. Certainly, at a minimum, the spirit of the deal is just atrociously kept, but the Iran deal is not a fair deal to this country. It's a deal that should have never, ever been made. And you'll see what we're doing in a couple of weeks. It's going to be in October.
Question: Some major action, you think, by your administration?
THE PRESIDENT: You'll see. You're going to see. But we are not going to stand for what they're doing to this country. They have violated so many different elements, but they’ve also violated the spirit of that deal. And you will see what we'll be doing in October. It will be very evident.
—Sept. 14, 2017, at a press gaggle en route to Washington, D.C.
Secretary of State Rex Tillerson
SECRETARY TILLERSON: Well, first, with respect to the administration’s view of the JCPOA, of the nuclear deal with Iran, the Trump administration is continuing to review and develop its policy on Iran. It is underway. There have been several discussions internally among our NSC and along with the discussions with the President. But – so no decisions have been made.
But I think it’s worth noting that, as the administration continues this review of the JCPOA, I think President Trump has made it clear to those of us who are helping him develop this policy that we must take into account the totality of Iranian threats, not just Iran’s nuclear capabilities; that is one piece of our posture towards Iran. And I think if one revisits the preface to the JCPOA, that preface reads that the participants, quote, “anticipate that full implementation of this JCPOA will positively contribute to regional and international peace and security,” end quote. That was one of the expectations of the JCPOA.
In our view, Iran is clearly in default of these expectations of the JCPOA through their actions to prop up the Assad regime, to engage in malicious activities in the region, including cyber activity, aggressively developing ballistic missiles. And all of this is in defiance of UN Security Council Resolution 2231, thereby threatening – not ensuring, but threatening – the security of those in the region, as well as the United States itself. So we have to consider the totality of Iran’s activities and not let our view be defined solely by the nuclear agreement. So it continues to be under review. No final decision’s been made.
—Sept. 14, 2017, at a press conference in London