The US and UK governments have both issued sanctions in response to recent cyber-attacks.
Yesterday, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced that five Iranian entities have been “designated” for attempting to influence elections in the United States. The OFAC said the Iranian regime “has targeted the United States’ electoral process with brazen attempts to sow discord among the voting populace by spreading disinformation online and executing malign influence operations aimed at misleading US voters.”
This involved components of the government of Iran, including the Islamic Revolutionary Guard Corps (IRGC), the IRGC-Qods Force (IRGC-QF) and Bayan Rasaneh Gostar Institute (Bayan Gostar), disguising themselves as news organizations or media outlets in order to subvert US democratic processes. Also, the Iranian Islamic Radio and Television Union (IRTVU) and International Union of Virtual Media (IUVM) were designated as being owned or controlled by the IRGC-QF.
The disinformation campaigns “focus on sowing discord among readers via social media platforms and messaging applications, and frequently involve mischaracterizing information,” it claimed. This included influencing the election by exploiting social issues within the United States, including the COVID-19 pandemic, and denigrating US political figures.
As recently as summer 2020, Bayan Gostar was prepared to execute a series of influence operations directed at the US populace ahead of the presidential election.
Also, IRTVU, said to be a propaganda arm of the IRGC-QF, and IUVM aided Bayan Gostar in efforts to reach US audiences by amplifying false narratives in English, and posting disparaging propaganda articles and other US-oriented content, with the intent to sow discord among US audiences. IUVM is also alleged to have posted conspiracy theories and disinformation related to the COVID-19 pandemic.
The statement came in the same week as the UK enforced new sanctions against Russia after a cyber-attack hit the German parliament in 2015. The UK said it will enforce asset freezes and travel bans against two Russian GRU officers and the GRU’s military intelligence unit 26165 – codenamed APT28 and Fancy Bear – which it said were responsible for the attacks.
In the attack, it is alleged unit 26165 targeted information systems, stole significant amounts of data and affected email accounts belonging to German MPs and the vice-chancellor.
The National Cyber Security Centre (NCSC) supported the attribution of the attack to Russia, and welcomed the sanctions and the multi-national and joint approach being taken with allies standing in solidarity against the attacks.
Paul Chichester, director of operations at the NCSC, said: “We fully support these sanctions, which send a strong message that there will be consequences for those who target us or our allies in cyberspace. We will continue to work closely with our allies to counter malicious cyber-activity from the GRU and others who would seek to do us harm.”
Commenting, Ben Read, senior manager of analysis at Mandiant Threat Intelligence, said the EU and UK sanctions demonstrate the increased international willingness to hold countries accountable for the cyber-intrusions carried out by their security services. “The GRU (which we believe is linked to the threat group APT28) has compromised European governments including Germany for years, and shows no sign of slowing down,” he said. “While the technical features of its operations will continue to evolve, the strategic goal of gathering information for the Russian Government and projecting Russian power have remained consistent.”