Advanced Persistent Threat 39

Risk Level:
99% May harm your business future; Persons or entities that engage in transactions with this entity will be exposed to sanctions or subject to an enforcement action;

Working with this entity means supporting Iranian Regime, Regime Terrorist Activities & development of WMD

Top Alert – Entity designated / sanctioned for terror, WMD and human rights violation

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) imposed sanctions on Iranian cyber threat group Advanced Persistent Threat 39 (APT39), 45 associated individuals, and one front company. Masked behind its front company, Rana Intelligence Computing Company (Rana), the Government of Iran (GOI) employed a years-long malware campaign that targeted Iranian dissidents, journalists, and international companies in the travel sector;

APT39 is being designated pursuant to E.O. 13553 for being owned or controlled by the MOIS, which was previously designated on February 16, 2012 pursuant to Executive Orders 13224, 13553, and 13572, which target terrorists and those responsible for human rights abuses in Iran and Syria, respectively;

“The Iranian regime uses its Intelligence Ministry as a tool to target innocent civilians and companies, and advance its destabilizing agenda around the world,” said Treasury Secretary Steven T. Mnuchin. “The United States is determined to counter offensive cyber campaigns designed to jeopardize security and inflict damage on the international travel sector.”;

Rana advances Iranian national security objectives and the strategic goals of Iran’s Ministry of Intelligence and Security (MOIS) by conducting computer intrusions and malware campaigns against perceived adversaries, including foreign governments and other individuals the MOIS considers a threat;

Rana is being designated pursuant to E.O. 13553 for being owned or controlled by MOIS. Forty-five cyber actors are also being designated pursuant to E.O. 13553 for having materially assisted, sponsored, or providing financial, material, or technological support for, or goods or services to or in support of the MOIS. The identification of these individuals and their roles related to MOIS and APT39 comes as the result of a long-term investigation conducted by the FBI Boston Division;

The 45 designated individuals served in various capacities while employed at Rana, including as managers, programmers, and hacking experts. These individuals provided support for ongoing MOIS cyber intrusions targeting the networks of international businesses, institutions, air carriers, and other targets that the MOIS considered a threat;

“Iran’s MOIS, through their front company Rana, recruited highly educated people and turned their cyber talents into tools to exploit, harass, and repress their fellow citizens and others deemed a threat to the regime. We are proud to join our partners at the Department of Treasury in calling out these actions. The sanctions announced hold these 45 individuals accountable for stealing data not just from dozens of networks here in the United States, but from networks in Iran’s neighboring countries and around the world.” (FBI Director Christopher Wray – September 17, 2020);

The MOIS, camouflaged as Rana, has played a key role in the GOI’s abuse and surveillance of its own citizens. Through Rana, on behalf of the MOIS, the cyber actors designated used malicious cyber intrusion tools to target and monitor Iranian citizens, particularly dissidents, Iranian journalists, former government employees, environmentalists, refugees, university students and faculty, and employees at international nongovernmental organizations. Some of these individuals were subjected to arrest and physical and psychological intimidation by the MOIS. APT39 actors have also victimized Iranian private sector companies and Iranian academic institutions, including domestic and international Persian language and cultural centers. Rana has also targeted at least 15 countries in the Middle East and North Africa region;

Tech Industry
Iranian Hackers

Involved In:
Conspiracy to Commit Computer Intrusions
Obtaining Information by Unauthorized Access to Protected Computers
Intentional Damage to Protected Computers
Aggravated Identity Theft
Conspiracy to Commit Wire Fraud

Also Known As:
Advanced Persistent Threat 39


Tehran, Iran

Reason for the color:
» Added to the Specially Designated Nationals (SDN) list maintained by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on 7/24/2007 pursuant to Executive Order 13553 for being owned or controlled by MOIS;

You May Be Interested

IFMAT Color Guide

We sort entities who are connected with terrorist activities, in two sections, first by risk and second by geolocation.
GeoLocation divisions are divided into two fields, Black List and Gray List.
BlackList is a list of all companies, organizations and figures who originate from Iran.
GrayList is a list of all companies, organizations and figures out of Iranian borders, and doing business with Iran.
We identify risk of entities by COLOR selection, each color marks the risk level of the entity.(by declining order)
Designated / Sanctioned / Illicit entities
Entities affiliated with Designated / Sanctioned / Illicit entities.
Entities sanctioned in the past for Terror or Illicit activities / WMD related / Human rights violations.
Entities in a problematic sector - Sector controlled by the Top Alert entities.
Legitimate entities - we cannot determine whether an entity is completely green, and that is due to the facts that the Iranian economy is not transparent enough for us. Be sure.