The US has offered a $10m reward for information on six identified Iranian government hackers responsible for a series of cyberattacks on US water utilities last fall.
The State Department statement said it is looking for "information leading to the identification or location" of the suspects.
The six Iranian officials named in the advisory are linked to Iran’s Islamic Revolutionary Guard Corps (IRGC) and its Cyber-Electronic Command (IRGC-CEC).
They are accused of compromising industrial control systems, specifically targeting the Vision series of programmable logic controllers (PLCs) manufactured by Israel-based Unitronics. These PLCs are widely used in various industries, including water and wastewater, energy, food and beverage, manufacturing, and healthcare.
The men identified include Hamid Reza Lashgarian. head of the IRGC’s cyber-electronic command and a commander in the IRGC-Qods Force.
The officials have been linked to the hacking group CyberAv3ngers. In October, CyberAv3ngers publicly took credit for cyberattacks against Israeli PLCs, and starting in November, they compromised the default credentials in these PLCs across the US, leaving messages on the devices’ digital screens with anti-Israel statements. These compromises often rendered the devices inoperative.
On February 2, the US imposed sanctions on the same six individuals for their “deliberate targeting of critical infrastructure.” A Treasury Department official condemned the attacks as “unconscionable and dangerous,” emphasizing that the US “will not tolerate such actions and will use the full range of our tools and authorities to hold the perpetrators to account.”
The IRGC-CEC was previously sanctioned by the US in 2018 and designated a terror group in 2019.
The individuals were named as Specially Designated Nationals under Executive Order (E.O.) 13224, which targets leaders and officials of terrorist organizations.
The sanctions block all property and interests in property of the designated officials within the US or controlled by US citizens and generally prohibit US citizens from engaging in transactions with them.