On Sept. 27, 2024, the United States sanctioned seven Iranians, five men and two women, for attempting to interfere in the 2020 and 2024 U.S. presidential elections. One was a member of the Islamic Revolutionary Guard Corps, and the rest were employees of Emennet Pasargad, a sanctioned company. Their cyber activities, aimed at undermining confidence in elections, were part of a wider Iranian government operation. “The U.S. government continues to closely monitor efforts by malicious actors to influence or interfere in the integrity of our elections,” said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley Smith. The following are statements from the Treasury and State Departments.
State Department Spokesperson Matthew Miller
“The Department of State is taking coordinated action with other U.S. government agencies to respond to Iran’s operations that seek to influence the 2024 U.S. election, as well as previous operations dating back to 2020. Today, the Department of State’s Rewards for Justice program is offering a reward of up to $10 million for information on three malicious cyber actors associated with Iran’s Islamic Revolutionary Guard Corps (IRGC), the IRGC’s interference in U.S. elections, or associated individuals and entities. In addition, the Department of the Treasury is designating seven individuals. Concurrently, the Department of Justice is taking additional actions against multiple Iranian actors.
“The Iranian regime is increasingly attempting to influence the outcome of the forthcoming U.S. election because it perceives the outcome will impact U.S. foreign policy towards Iran. Iranian state-sponsored actors have undertaken a variety of malicious cyber activities, such as hack-and-leak operations and spear-phishing, in an attempt to undermine confidence in the United States’ election processes and institutions while also seeking to influence the political campaigns. The United States is committed to safeguarding the integrity of elections and democratic institutions around the world, including our own. Today’s actions underscore our continuous efforts to expose and deter activities that target our democracy.”
Treasury Sanctions Iranian Regime Agents Attempting to Interfere in U.S. Elections
Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) designated seven individuals as part of a coordinated U.S. government response to Iran’s operations that sought to influence or interfere in the 2024 and 2020 presidential elections. Iranian state-sponsored actors undertook a variety of malicious cyber activities, such as hack-and-leak operations and spear-phishing, in an attempt to undermine confidence in the United States’ election processes and institutions and to interfere with political campaigns. The designations undertaken today pursuant to Executive Order (E.O.) 13848, complement law enforcement actions taken by the Department of Justice against a variety of Iranian election interference actors.
“The U.S. government continues to closely monitor efforts by malicious actors to influence or interfere in the integrity of our elections,” said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith. “Treasury, as part of a whole-of-government effort leveraging all available tools and authorities, remains strongly committed to holding accountable those who see to undermine our institutions.”
In the summer of 2024, the U.S. government identified that the Government of Iran had been seeking to stoke discord and undermine confidence in the United States’ democratic institutions, using social engineering and other efforts to gain access to individuals with direct access to the presidential campaigns. Such activities, including thefts and disclosures, are intended to influence the U.S. election process. Since at least May 2024, Iran-based hackers have increased their malicious cyber-enabled targeting of the 2024 U.S. presidential election. These intrusions have been reported as the work of “APT 42” and “Mint Sandstorm” by private security firms.
IRANIAN ELECTION INTERFERENCE & MALICIOUS CYBER-ENABLED OPERATIONS
2024 U.S. Presidential Election Interference
Since at least May 2024, Masoud Jalili (Jalili) and other Iranian Islamic Revolutionary Guard Corps (IRGC) members compromised several accounts of officials and advisors to a 2024 presidential campaign and leaked stolen data to members of the media and other persons for the purpose of influencing the 2024 U.S. presidential election, using technical infrastructure known to be associated with Jalili. Jalili is also responsible for malicious cyber operations targeting a former U.S. government official in 2022. In 2022, Jalili used spear-phishing in an attempt to compromise the former U.S. official’s personal accounts.
OFAC designated Jalili pursuant to E.O. 13848 for being controlled by, or having acted or purported to act for or on behalf of, directly or indirectly, the IRGC, a person whose property and interests in property are blocked pursuant to E.O. 13848.
In addition to his designation, the Department of Justice has unsealed an indictment charging Jalili and two IRGC co-conspirators and the Department of State’s Rewards for Justice program is offering a reward of up to $10 million for information on Jalili and his two associates for their attempt to interfere in U.S. elections.
2020 U.S. Presidential Election Interference
Today, OFAC is also designating six employees and executives of Emennet Pasargad, an Iranian cybersecurity company formerly known as Net Peygard Samavat Company, which attempted to interfere in the 2020 U.S. presidential election.
Between approximately August and November 2020, Emennet Pasargad led an online operation to intimidate and influence American voters, and to undermine voter confidence and sow discord, in connection with the 2020 U.S. presidential election. Emennet Pasargad personnel obtained or attempted to obtain U.S. voter information from U.S. state election websites, sent threatening emails to intimidate voters, and crafted and disseminated disinformation pertaining to the election and election security. In November 2021, OFAC designated Emennet Pasargad pursuant to E.O. 13848 for attempting to influence the 2020 U.S. presidential election, and five Emennet Pasargad associates pursuant to E.O. 13848 for acting, or purporting to act, for or on behalf of Emennet Pasargad.
In February 2019, OFAC designated Emennet Pasargad pursuant to E.O. 13606 for having materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, the Islamic Revolutionary Guard Corps-Electronic Warfare and Cyber Defense Organization. Net Peygard Samavat Company was involved in a malicious cyber campaign to gain access to and implant malware on the computer systems of current and former U.S. counterintelligence agents. After being designated, Net Peygard Samavat Company rebranded itself as Emennet Pasargad, presumably to evade sanctions and continue its malicious cyber operations.
DESIGNATION OF EMENNET PASARGAD EMPLOYEES
Ali Mahdavian, Fatemeh Sadeghi, and Elaheh Yazdi are employees of Emennet Pasargad and were named in a November 2023 U.S. Department of State Rewards for Justice program. Sayyed Mehdi Rahimi Hajjiabadi, Mohammad Hosein Abdolrahimi, and Rahmatollah Askarizadeh are also employees of Emennet Pasargad.
OFAC designated Ali Mahdavian, Fatemeh Sadeghi, Elaheh Yazdi, Sayyed Mehdi Rahimi Hajjiabadi, Mohammad Hosein Abdolrahimi, and Rahmatollah Askarizadeh pursuant to E.O 13848 for being controlled by, or having acted or purported to act for or on behalf of, directly or indirectly, Emennet Pasargad, a person whose property and interests in property are blocked pursuant to E.O. 13848.
SANCTIONS IMPLICATIONS
As a result of today’s action, all property and interests in property of the designated persons described above that are in the United States or in the possession or control of U.S. persons are blocked and must be reported to OFAC. In addition, any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked. Unless authorized by a general or specific license issued by OFAC, or exempt, OFAC’s regulations generally prohibit all transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of designated or otherwise blocked persons.
In addition, financial institutions and other persons that engage in certain transactions or activities with the sanctioned individuals may expose themselves to sanctions or be subject to an enforcement action. The prohibitions include the making of any contribution or provision of funds, goods, or services by, to, or for the benefit of any designated person, or the receipt of any contribution or provision of funds, goods, or services from any such person.
The power and integrity of OFAC sanctions derive not only from OFAC’s ability to designate and add persons to the SDN List, but also from its willingness to remove persons from the SDN List consistent with the law. The ultimate goal of sanctions is not to punish, but to bring about a positive change in behavior. For information concerning the process for seeking removal from an OFAC list, including the SDN List, please refer to OFAC’s Frequently Asked Question 897 here. For detailed information on the process to submit a request for removal from an OFAC sanctions list, please click here.
Click here for more information on the individuals designated today.