US offers Up to $10 Million Reward for Info on Malicious Iranian Cyber Group. The United States has announced a significant reward for information leading to the identification or location of members of a notorious Iranian cyber group. The U.S. Department of State’s Rewards for Justice (RFJ) program is offering up to $10 million for credible information regarding the activities of ‘CyberAv3ngers,’ a group alleged to be involved in malicious cyber operations against U.S. interests.
US Offers Up to $10 Million Reward for Info on Malicious Iranian Cyber Group
‘CyberAv3ngers’ is reportedly a cyber operations group linked to the Islamic Revolutionary Guard Corps (IRGC), a branch of the Iranian military. The group has been accused of engaging in a series of hostile cyber activities, targeting various sectors and infrastructures within the United States.
The RFJ has named six individuals associated with the IRGC who are believed to be key members of this cyber group. These individuals are:
- Hamid Homayunfal
- Hamid Reza Lashgarian
- Mahdi Lashgarian
- Milad Mansuri
- Mohammad Bagher Shirinkar
- Reza Mohammad Amin Saberian
According to the RFJ notice, Hamid Reza Lashgarian is identified as the head of the IRGC’s Cyber-Electronic Command (IRGC-CEC) and is also a commander within the IRGC’s Quds Forces. The other individuals are described as senior officials within the IRGC-CEC, playing critical roles in the group’s operations.
Targeted Cyber Attacks
One of the most significant actions attributed to ‘CyberAv3ngers’ is the attack on the Vision series of programmable logic controllers (PLCs) manufactured by Unitronics, an Israel-based company. These PLCs are widely used across various industries, including water and wastewater management, energy, food and beverage production, manufacturing, and healthcare.
In October 2023, members of ‘CyberAv3ngers’ claimed responsibility for these cyberattacks through their Telegram channel. The group compromised the default credentials of these PLCs and left politically charged messages on the devices’ digital screens. Messages such as “You have been hacked, down with Israel” and “Every equipment ‘made in Israel’ is CyberAv3ngers legal target” were displayed, indicating their intent and ideological motivations.
Ongoing Threats and Sanctions
The RFJ revealed that the ‘CyberAv3ngers’ group had been actively compromising these PLCs across the United States since at least November 2023. The group’s actions have raised significant concerns about the security of critical infrastructure and the potential for widespread disruption.
In response to these activities, the U.S. government has imposed sanctions on all six individuals named in the RFJ notice. Since February 2024, any assets or properties belonging to these individuals within the U.S. have been seized, and all financial transactions involving U.S. nationals have been blocked.
The Broader Context of Cyber Threats
The threat posed by ‘CyberAv3ngers’ is part of a broader pattern of cyber and information warfare that has intensified as global tensions rise. According to Malcolm Nance, a senior U.S. intelligence officer specializing in counter-terrorism and code-breaking, the U.S. remains “very vulnerable” to disinformation campaigns, particularly as the 2024 presidential election approaches. These campaigns often involve state-sponsored actors from countries such as Russia, China, and Iran, who seek to influence public opinion and disrupt democratic processes.
In July 2024, the U.S. Department of Justice took action against a Russian operation that used artificial intelligence (AI) to spread propaganda across the U.S., Europe, and Israel. Similarly, Microsoft researchers reported in June 2024 that Iranian government-linked hackers attempted to breach the account of a high-ranking official involved in the U.S. presidential campaign, following a successful breach of a county-level official’s account.
These incidents highlight the increasing sophistication and persistence of cyber threats from state-sponsored actors, with potential implications for national security, infrastructure, and democratic institutions.
Conclusion
The U.S. government’s offer of a $10 million reward underscores the seriousness with which it views the threat posed by ‘CyberAv3ngers’ and similar groups. By offering such a substantial reward, the U.S. hopes to gather critical information that could lead to the disruption of these cyber activities and the prosecution of those responsible. As the cyber warfare landscape continues to evolve, vigilance and international cooperation will be crucial in addressing these threats and protecting vital infrastructure.
