Mar 26, 2024NewsroomMoney Laundering / Digital Currency

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned three cryptocurrency exchanges for offering services used to evade economic restrictions imposed on Russia following its invasion of Ukraine in early 2022.

This includes Bitpapa IC FZC LLC, Crypto Explorer DMCC (AWEX), and Obshchestvo S Ogranichennoy Otvetstvennostyu Tsentr Obrabotki Elektronnykh Platezhey (TOEP).

In all, the designations cover thirteen entities and two individuals operating in the Russian financial services and technology sectors.

“Many of the individuals and entities designated today facilitated transactions or offered other services that helped OFAC-designated entities evade sanctions,” the Treasury said, adding the action seeks to “target companies servicing Russia’s core financial infrastructure and curtail Russia’s use of the international financial system to further its war against Ukraine.”

Bitpapa, which offers virtual currency exchange to Russian nationals, has been accused of facilitating transactions worth millions of dollars with sanctioned Russian entities Hydra Market and Garantex.

Crypto Explorer, the Treasury said, offers currency conversion services between virtual currencies, rubles, and UAE dirhams.

“AWEX offers cash services at its offices in Moscow and Dubai and also loads funds onto credit cards associated with OFAC-designated Russian banks such as Sberbank and Alfa-Bank,” it added.

Also sanctioned is another virtual currency exchange run by TOEP that’s alleged to have enabled digital payments in rubles and virtual currencies to sanctioned entities such as Sberbank, Alfa-Bank, and Hydra Market.

The penalty list also features Moscow-based fintech companies such as B-Crypto, Masterchain and Laitkhaus, which have partnered with sanctioned Russian banks to issue, exchange, and transfer cryptocurrency assets.

Pursuant to the sanctions, all properties and interests in the U.S. connected to designated individuals and entities will be frozen. Furthermore, entities at least 50% owned directly or indirectly by one or more blocked persons will also be subject to the blockade.

“Russia is increasingly turning to alternative payment mechanisms to circumvent U.S. sanctions and continue to fund its war against Ukraine,” said Brian E. Nelson, Under Secretary of the Treasury for Terrorism and Financial Intelligence.

“As the Kremlin seeks to leverage entities in the financial technology space, Treasury will continue to expose and disrupt the companies that seek to help sanctioned Russian financial institutions reconnect to the global financial system.”

Mar 21, 2024NewsroomNational Security / Data Privacy

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) on Wednesday announced sanctions against two 46-year-old Russian nationals and the respective companies they own for engaging in cyber influence operations.

Ilya Andreevich Gambashidze (Gambashidze), the founder of the Moscow-based company Social Design Agency (SDA), and Nikolai Aleksandrovich Tupikin (Tupikin), the CEO and current owner of Russia-based Company Group Structura LLC (Structura), have been accused of providing services to the Russian government in connection to a “foreign malign influence campaign.”

The disinformation campaign is tracked by the broader cybersecurity community under the name Doppelganger, which is known to target audiences in Europe and the U.S. using inauthentic news sites and social media accounts.

“SDA and Structura have been identified as key actors of the campaign, responsible for providing [the Government of the Russian Federation] with a variety of services, including the creation of websites designed to impersonate government organizations and legitimate media outlets in Europe,” the Treasury said.

Both Gambashidze and Tupikin have been accused of orchestrating a campaign in the Fall of 2022 that created a network of over 60 sites designed to masquerade as legitimate news websites and fake social media accounts to disseminate the content originating from those spoofed sites.

The department said the fake websites were built with an intent to mimic the appearance of their actual counterparts, with the portals including embedded images and working links to the legitimate sites and even impersonated the cookie consent pages as part of efforts to trick visitors.

Furthermore, a closer examination of the two cryptocurrency wallets listed by OFAC as associated with Gambashidze reveals that they have received more than $200,000 worth of USDT on the TRON network, with a significant chunk originating from the now-sanctioned exchange Garantex, Chainalysis said.

“He then cashed out most of his funds to a single deposit address at a mainstream exchange,” blockchain analytics firm noted. “These transactions highlight Garantex’s continued involvement in the Russian government’s illicit activities.”

Doppelganger, active since at least February 2022, has been described by Meta as the “largest and the most aggressively-persistent Russian-origin operation.”

In December 2023, Recorded Future revealed attempts by the malign network to leverage generative artificial intelligence (AI) to create inauthentic news articles and produce scalable influence content.

SDA and Structura, along with Gambashidze, have also been the subject of sanctions imposed by the Council of the European Union as of July 2023 for conducting a digital information manipulation campaign called Recent Reliable News (RRN) aimed at amplifying propaganda declaring support for Russia’s war against Ukraine.

“This campaign […] relies on fake web pages usurping the identity of national media outlets and government websites, as well as fake accounts on social media,” the Council said at the time. “This coordinated and targeted information manipulation is part of a broader hybrid campaign by Russia against the EU and the member states.”

The development comes as the U.S. House of Representatives unanimously passed a bill (Protecting Americans’ Data from Foreign Adversaries Act, or H.R.7520) that would bar data brokers from selling Americans’ sensitive data to foreign adversaries, counting China, Russia, North Korea, and Iran.

It also arrives a week after Congress passed another bill (Protecting Americans from Foreign Adversary Controlled Applications Act, or H.R.7521) that seeks to force Chinese company ByteDance to divest popular video sharing platform TikTok within six months, or risk facing a ban, due to national security concerns.

Feb 03, 2024NewsroomIntelligence Agency / Cyber Security

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions against six officials associated with the Iranian intelligence agency for attacking critical infrastructure entities in the U.S. and other countries.

The officials include Hamid Reza Lashgarian, Mahdi Lashgarian, Hamid Homayunfal, Milad Mansuri, Mohammad Bagher Shirinkar, and Reza Mohammad Amin Saberian, who are part of the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC).

Reza Lashgarian is also the head of the IRGC-CEC and a commander in the IRGC-Qods Force. He is alleged to have been involved in various IRGC cyber and intelligence operations.

The Treasury Department said it’s holding these individuals responsible for carrying out “cyber operations in which they hacked and posted images on the screens of programmable logic controllers manufactured by Unitronics, an Israeli company.”

In late November 2023, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed that the Municipal Water Authority of Aliquippa in western Pennsylvania was targeted by Iranian threat actors by exploiting Unitronics PLCs.

The attack was attributed to an Iranian hacktivist persona dubbed Cyber Av3ngers, which came to the forefront in the aftermath of the Israel-Hamas conflict, staging destructive attacks against entities in Israel and the U.S.

The group, which has been active since 2020, is also said to be behind several other cyber attacks, including one targeting Boston Children’s Hospital in 2021 and others in Europe and Israel.

“Industrial control devices, such as programmable logic controllers, used in water and other critical infrastructure systems, are sensitive targets,” the Treasury Department noted.

“Although this particular operation did not disrupt any critical services, unauthorized access to critical infrastructure systems can enable actions that harm the public and cause devastating humanitarian consequences.”

The development comes as another pro-Iranian “psychological operation group” known as Homeland Justice said it attacked Albania’s Institute of Statistics (INSTAT) and claimed to have stolen terabytes of data.

Homeland Justice has a track record of targeting Albania since mid-July 2022, with the threat actor most recently observed delivering a wiper malware codenamed No-Justice.