From September 2021 through the present, this group primarily gained unauthorized access to victim networks by exploiting Microsoft Exchange and related ProxyShell vulnerabilities, including an incident in October 2021 when they compromised the network of an electric utility company serving a rural area of the United States, and maliciously used BitLocker to disrupt operations. Additional employees and associates of Najee Technology and/or Afkar System include: Ali Agha-Ahmadi (Ali Ahmadi); Mohammad Agha Ahmadi (Mohammad Ahmadi); Mo’in Mahdavi (Mahdavi); Aliakbar Rashidi-Barjini (Rashidi); Amir Hossein Nikaeen Ravari (Nikaeen); Mostafa Haji Hosseini (Mostafa); Mojtaba Haji Hosseini (Mojtaba); and Mohammad Shakeri-Ashtijeh (Shakeri). The IRGC-affiliated employees—Mansour, Ali Ahmadi, Mohammad Ahmadi, Mahdavi, Rashidi, Khatibi, Nikaeen, Mostafa, Mojtaba, and Shakeri—of the IRGC-affiliated companies, Najee Technology and Afkar System, are responsible for or complicit in, or have engaged in, directly or indirectly, global targeting of various networks, including critical infrastructure, by exploiting well-known vulnerabilities to gain initial access in furtherance of malicious activities, including ransom operations.
Mansour, Ali Ahmadi, Mohammad Ahmadi, Mahdavi, Rashidi, Khatibi, Nikaeen, Mostafa, Mojtaba, and Shakeri were designated pursuant to Executive Order (E.O.) 13694, as amended, for being responsible for or complicit in, or having engaged in, directly or indirectly, a cyber-enabled activity identified pursuant to E.O. 13694, as amended.
On August 16, 2010, OFAC issued the Iranian Financial Sanctions Regulations, 31 CFR part 561 (75 FR 49836, August 16, 2010) (IFSR) to implement provisions of the Comprehensive Iran Sanctions, Accountability, and Divestment Act of 2010 (Pub. L. 111–195) (22 U.S.C. 8501–8551). Since then, OFAC has amended the IFSR several times.