Building 5, 2nd Floor, Amir al-Momenein Alley, 31st Alley, Central Area, Yazd, 8916984626, Iran
Reg. ID
10860176637, National ID No.;
8862, Registration ID
Official reason
This IRGC-affiliated group is comprised of employees and associates of Najee Technology Hooshmand Fater LLC (Najee Technology) and Afkar System Yazd Company (Afkar System). Mansour is the owner, managing director, and chairman of the board of Najee Technology. Ahmad Khatibi Aghda (Khatibi) is managing director and member of the board of Afkar System. Additional employees and associates of Najee Technology and/or Afkar System include: Ali Agha-Ahmadi (Ali Ahmadi); Mohammad Agha Ahmadi (Mohammad Ahmadi); Mo’in Mahdavi (Mahdavi); Aliakbar Rashidi-Barjini (Rashidi); Amir Hossein Nikaeen Ravari (Nikaeen); Mostafa Haji Hosseini (Mostafa); Mojtaba Haji Hosseini (Mojtaba); and, Mohammad Shakeri-Ashtijeh (Shakeri).
Khatibi has been associated with Afkar System since at least 2007 and serves as its managing director and is a member of the board. Khatibi is among the cyber actors who gained unauthorized access to victim networks to encrypt the network with BitLocker and demand a ransom for the decryption keys. He leased network infrastructure used in furtherance of this malicious cyber group’s activities, he participated in compromising victims’ networks, and he engaged in ransom negotiations with victims.
Nikaeen was an employee of Afkar System from to 2015 to at least 2019. Nikaeen leased and registered network infrastructure used in furtherance of this malicious cyber group’s activities and participated in compromising victims’ networks. Afkar System was designated pursuant to E.O. 13694, as amended, for being owned or controlled by, or for having acted for or on behalf of, directly or indirectly, Khatibi, a person whose property and interests in property are blocked pursuant to E.O. 13694, as amended.
Executive Order 13694 Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities;
Executive Order 13757 Taking Additional Steps to Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities
On December 31, 2015, OFAC issued the Cyber-Related Sanctions Regulations, 31 CFR part 578 (80 FR 81752, December 31, 2015) (the “Regulations”) to implement Executive Order (E.O.) 13694 of April 1, 2015, “Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities” (80 FR 18077, April 2, 2015), pursuant to authorities delegated to the Secretary of the Treasury in E.O. 13694. The Regulations were initially issued in abbreviated form for the purpose of providing immediate guidance to the public. OFAC is revising the Regulations to further implement E.O. 13694, as amended by E.O. 13757 of December 28, 2016, “Taking Additional Steps to Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities” (82 FR 1, January 3, 2017), as well as certain provisions of title II of the Countering America's Adversaries Through Sanctions Act (Pub. L. 115–44, 131 Stat. 886 (codified in scattered sections of 22 U.S.C.)) (CAATSA). OFAC is amending and reissuing the Regulations as a more comprehensive set of regulations that includes additional interpretive guidance and definitions, general licenses, and other regulatory provisions that will provide further guidance to the public. Due to the number of regulatory sections being updated or added, OFAC is reissuing the Regulations in their entirety.
E.O. 13694, as Amended by E.O. 13757. On April 1, 2015, the President, invoking the authority of, inter alia, the International Emergency Economic Powers Act (50 U.S.C. 1701 et seq.) (IEEPA), issued E.O. 13694. In E.O. 13694, the President determined that the increasing prevalence and severity of malicious cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States constitute an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States, and declared a national emergency to deal with that threat.
On December 28, 2016, the President issued E.O. 13757 to take additional steps to deal with the national emergency with respect to significant malicious cyber-enabled activities declared in E.O. 13694. E.O. 13757 added an Annex to E.O. 13694 and amended section 1 of E.O. 13694 by replacing section 1(a) in its entirety.
