Archive for the ‘Iran’ Category

Former Iranian-Owned Boeing Aircraft Successfully Returned to the United States – Department of Justice

The Department of Justice today completed enforcement of a final order for forfeiture of a U.S.-manufactured Boeing 747 cargo plane, previously owned by Mahan Air, a sanctioned Iranian airline affiliated with the Islamic Revolutionary Guard Corp-Qods Force (IRGC-QF), a designated Foreign Terrorist Organization (FTO).

On Feb. 11, the government of Argentina transferred physical custody of the aircraft to the United States pursuant to the final order of forfeiture, which was issued by the U.S. District Court for the District of Columbia on May 3, 2023, which rests all right, title, and interest in the aircraft in the United States of America. The Boeing 747 cargo plane arrived in the Southern District of Florida where it will be prepared for disposition.

The seized American-built aircraft was transferred by a sanctioned Iranian airline in a transaction that violated U.S. export control laws and directly benefited the Islamic Revolutionary Guard Corps, which is a designated terrorist organization, said Assistant Attorney General Matthew G. Olsen of the Justice Departments National Security Division. The Justice Department is committed to ensuring that the full force of U.S. laws deny hostile state actors the means to engage in malign activities that threaten our national security.

Mahan Air known to ferry weapons and fighters for the Islamic Revolutionary Guard Corps and Hizballah violated our export restrictions by selling this airplane to a Venezuelan cargo airline. Now, its property of the United States government, said Assistant Secretary of Export Enforcements Matthew S. Axelrod. This seized airplanes arrival in the United States is a powerful example of our unceasing efforts to prevent Iran and its proxies from leveraging and profiting from U.S. technology.

The United States forfeiture of the Boeing 747 cargo plane culminates over 18 months of planning, coordination, and execution by the United Statesgovernmentand our Argentine counterparts, saidU.S.AttorneyMarkenzy Lapointefor the Southern District of Florida.Bad actors both near and far are on alert that the United States will use all its tools to hold those who violateourlawsto account. The successful seizure of the Boeing 747 underscores ourcommitment to prevent the illegal exportation of U.S. technologies and enforce U.S. exportcontrollaws.

Using a whole-of-government approach, we have worked with our international partners to forfeit a plane transferred by Iranian entities in violation of U.S. sanctions and export control laws, said U.S. Attorney Matthew M. Graves for the District of Columbia. Foreign adversaries seeking to illegally use American-made products to further their endeavors need to know that the United States government will work with the international community to hold them accountable for their illegal conduct.The United States appreciates the collaboration with our Argentinian law enforcement and judicial partners.

The transfer of this plane to U.S. custody is the final step in the long process to bring this case to its rightful conclusion, said Executive Assistant Director Larissa L. Knapp of the FBI's National Security Branch The FBI, along with our federal government and international partners, used every tool under our authorities to hold the Iranian government and their affiliates accountable for violating U.S. laws.

The plane was previously detained by Argentine law enforcement. On July 19, 2022, the U.S. District Court for the District of Columbia issued a seizure warrant for the aircraft, which Argentine authorities promptly enforced. On Oct. 20, 2022, in support of its ongoing criminal investigation, the United States filed a civil forfeiture complaint alleging that the aircrafts transfer from Mahan Air to Empresa de Transporte Areocargo del Sur, S.A. (EMTRASUR), a Venezuelan cargo airline and subsidiary of ConsorcioVenezolano deIndustriasAeronuticas yServiciosAreos, S.A (CONVIASA), a Venezuelan state-owned company, violated U.S. export control laws. As alleged, Mahan Air was subject to a Department of Commerce Temporary Denial Order, which prohibited, among other things, Mahan Air from engaging in any transactions involving any commodity exported from the United States that is subject to the Export Administration Regulations. The complaint further alleged that the unauthorized transfer of this aircraft directly benefited the IRGC-QF.

According to court documents, the registered captain of the aircraft was an ex-commander for the IRGC and a shareholder and member of the board of a second sanctioned Iranian airline, Qeshm Fars Air, affiliated with the IRGC-QF. Argentinian law enforcement also recovered a Mahan Air flight log documenting the aircrafts flights after the unlawful transfer to EMTRASUR and confirmed additional violations of U.S. export control laws between February and May 2022 when EMTRASUR reexported the aircraft between Caracas, Venezuela; Tehran, Iran; and Moscow, Russia, without U.S. Government authorization.

This matter is being investigated by the Department of Commerce Bureau of Industry and Securitys Miami Field Office and the FBI Miami Field Office.

Assistant U.S. Attorney Rajbir Datta for the District of Columbia, Assistant U.S. Attorney Andy R. Camacho for the Southern District of Florida, and Trial Attorney Alexander Wharton of the National Security Divisions Counterintelligence and Export Control Section are handling the seizure and investigation, with assistance from Paralegal Specialist Brian Rickers and Legal Assistant Jessica McCormick. Senior Trial Attorney John Beasley and Trial Attorney Jesse Ormsby of the Justice Departments Office of International Affairs; Special Agent Adam Mastriani and Task Force Officer Robert Cunniff of the FBI Miami Field Office; and Ricardo Hernandez of the FBIs Legal Attach in Buenos Aires provided significant assistance in working with the Argentine authorities, led by Argentine Federal Judge Federico Villena and the U.S. Marshals Service to manage the difficult logistics and coordination of the physical transfer of the Boeing aircraft from Argentina to the United States.

Read this article:
Former Iranian-Owned Boeing Aircraft Successfully Returned to the United States - Department of Justice

The $2.8 Billion Hole in U.S. Sanctions on Iran – The New York Times

Tugboats maneuvered the tanker Eternal Fortune into a berth at the Kharg Island oil terminal on Oct. 28, 2023, while it was falsely broadcasting its location as in the Gulf of Oman. The vessel was insured by an American company.

Maxar Technologies

Tug boats maneuvered the tanker Eternal Fortune into a berth at the Kharg Island oil terminal on Oct. 28, 2023 while it was falsely broadcasting its location as in the Gulf of Oman. The vessel was insured by an American company.

Maxar Technologies

For months, as Iran-backed groups attacked U.S. forces and allies in the Middle East, the Biden administration hailed its efforts to restrict Irans oil revenue and the countrys ability to fund proxy militias. The Treasury secretary told Congress that her teams were doing everything that they possibly can to crack down on illegal shipments, and a senior White House adviser said that extreme sanctions had effectively stalled Irans energy sector.

But the sanctions failed to stop oil worth billions of dollars from leaving Iran over the past year, a New York Times investigation has found, revealing a significant gap in U.S. oversight.

The oil was transported aboard 27 tankers, using liability insurance obtained from an American company. That meant that the U.S. authorities could have disrupted the oils transport by advising the insurer, the New York-based American Club, to revoke the coverage, which is often a requirement for tankers to do business.

Instead, the 27 tankers were able to transport shipments across at least 59 trips since 2023, The Times found, with half the vessels carrying oil on multiple journeys.

The Treasury Department did not respond to a question about whether it was aware the ships had transported Iranian oil while insured by the American Club.

The tankers exhibited warning signs that industry experts, and the Treasury, have said collectively warrant greater scrutiny. Among other red flags, the ships are: owned by shell companies, older than average vessels and use a tactic called spoofing to hide their true locations.

Satellite imagery, much of it freely accessible to the public, captured the tankers during their oil transports.

fortune galaxy

Feb. 25, 2023

galaxy star

Mar. 10, 2023

cathay kirin

Mar. 12, 2023

duplic dynamic

Jun. 11, 2023

fortune galaxy

Jun. 24, 2023

fortune galaxy

Jul. 13, 2023

cathay kirin

Aug. 8, 2023

fortune galaxy

Aug. 18, 2023

fortune galaxy

Sept. 4, 2023

galaxy star

Sept. 19, 2023

fortune galaxy

Oct. 4, 2023

eternal fortune

Oct. 29, 2023

eternal success

Nov. 23, 2023

fortune galaxy

Nov. 24, 2023

Sources: Copernicus Sentinel-2, Planet Labs, Maxar Technologies, TankerTrackers.com, Spire Global, MarineTraffic

Satellite images on display represent one of several methods that The Times relied on to locate each tanker.

It is unclear who the U.S. government considers primarily responsible for identifying suspicious tankers. The Treasury is tasked with administering sanctions by investigating and blacklisting individuals or companies participating in illicit activities. But it places some of the burden on insurers to monitor for suspicious behavior through the regular release of advisories and alerts.

To identify the shipments of Iranian oil, The Times built a database of thousands of tankers and their whereabouts using maritime data and satellite imagery. Vessels whose voyage paths showed irregularities were cross-referenced with information provided by Samir Madani, co-founder of TankerTrackers.com, a company that monitors oil shipping.

SynMax and Pole Star, two other companies that monitor shipping, provided additional data.

In late-January, several weeks after the American Club was mentioned at a Congressional hearing titled "Restricting Rogue-State Revenue", coverage for many of the tankers identified by The Times abruptly ended. The company said that the stoppages were the result of its own internal investigations. Five of the vessels are still insured by the company, according to data listed on its website; the American Club said it is still investigating those ships.

The Timess findings come as the Biden administration is under increasing scrutiny from lawmakers and advocacy groups for its handling of sanctions on Iran.

It is very concerning, said Senator Maggie Hassan, a Democrat of New Hampshire, who has filed a bill to strengthen the enforcement of sanctions on deceptive ships.

The United States must use every tool at its disposal to identify, stop and sanction these bad actors, she said. These new revelations highlight the stakes.

In response to Times findings, a Treasury spokesperson said in a statement: Treasury remains focused on targeting Irans sources of illicit funding, including exposing evasion networks and disrupting billions of dollars in revenue.

The spokesperson added that this month the department had taken action against what it called a Hong Kong-based front company, which U.S. officials said had funded Irans Revolutionary Guards Corps.

Kharg Island, pictured in 2017, is one of Irans main oil terminals where many of the American Club-insured tankers loaded oil.

Fatemeh Bahrami/Anadolu Agency via Getty Images

The insurance provided by companies like the American Club is a key factor in the tankers ability to move oil; industry insiders call it a vessels ticket to trade. Most major ports insist that ships have proof of liability coverage, among other requirements, before they can enter and do business.

The American Club is one of only 12 major insurers of its kind, and the only one based in the United States. Specifically, the company says, its policies cover third parties affected during an accident caused by a ships negligence.

Because of these insurers importance to shipping, they have been consulted by the U.S. government when developing sanctions on Russian oil sales.

Daniel Tadros, the American Clubs chief operating officer, said his company has one of the most stringent compliance programs in the industry. But he said that the companys six-person compliance team was overwhelmed each month with hundreds of inquiries about potentially suspicious vessels, and that investigating even a single case takes time.

It's impossible for us to know on a daily basis exactly what every ship is doing, where it's going, what it's carrying, who its owners are, Mr. Tadros said. I would like to think that governments have a lot more capability, manpower, resources to follow that.

He added that the U.S. government had only recently suggested the use of satellite imagery for maritime-related businesses looking for sanctions evasion. Satellite imagery has been used as a ship-tracking tool in the industry for at least a decade.

Shipowners willing to skirt trade restrictions can make more than their normal commissions. But to maintain business connections with the West, including with insurers, they may resort to using deceptive tactics.

Since the start of 2023, the 27 vessels moved roughly 59 million barrels of oil, according to a Times analysis. The calculation is based on a tankers depth in the water before and after the oil was loaded, a measurement used by industry analysts.

There is no official source detailing the amount of oil that leaves Iran. According to estimates from Kpler, a company that monitors global trade, the oil carried by the tankers would amount to roughly 9 percent of Iran's oil exports over that period.

Sources: Copernicus Sentinel-2, Planet Labs, Maxar Technologies, Spire Global, MarineTraffic, TankerTrackers.com

Note: Pickups include those made at Iranian ports as well as via transfer at sea from other ships to American Club-insured ships. The map does not represent all oil pickups The Times found.

Many of the tankers ultimately ended up in China, which has tripled its imports of Iranian oil over the past two years.

Some of the shipments continued into the fall, as one Iran-backed group, Hamas, led the Oct. 7 assault on Israel, and other Iran-aligned militants, like the Houthis in Yemen, launched attacks on shipping routes and U.S. forces in the region.

By then, the tankers had transported at least $2.8 billion in crude oil, based on the lowest reported prices of Iranian oil in 2023.

That dollar amount could be higher. The Times found eleven more tankers, anchored off Iranian oil ports last year, that used deceptive practices and carried American Club insurance. Although there is little other reason for the ships to hide their presence, The Times could not verify whether they loaded oil.

Where contact information was available, The Times sought comment from more than 40 entities linked to the tankers involved in moving Iranian oil. None replied.

Some experts expressed doubt that the American Club was doing everything it could to identify deceptive ships.

Responsible, reputable insurers waste no time in confronting their clients or club members, Mr. Madani of TankerTrackers.com said.

David Tannenbaum, a former sanctions compliance officer for the Treasury Department who now works as a consultant for a compliance advisory company, said his research showed that the American Club covers a large proportion of deceptive vessels when compared with similar insurers.

While weve seen spoofers infiltrate almost all of the major protection and indemnity clubs, they are definitely a leader, he said.

Last week, Bloomberg reported that the American Club had insured more ships suspected of violating sanctions than other comparable insurers, according to data from United Against Nuclear Iran, a privately funded group advocating stronger sanctions on Iran.

(Many of the vessels noted by the group were also identified by The Times. Mr. Tadros, the American Club executive, said his company had removed insurance for the claims it could corroborate. He said in some cases United Against Nuclear Iran presented flawed evidence, which The Times also concluded for one of the accused tankers.)

The Times was able to use satellite imagery and information available to the shipping industry, such as signals that ships transmit to report their purported locations, to identify the tankers.

The tankers deception mainly involved a practice known as spoofing in which vessels broadcast fake route information to hide their true locations. Last August, for example, the tanker Glory broadcast that it was off the coast of the United Arab Emirates when it was really loading oil in Asaluyeh, Iran.

Sources: Copernicus Sentinel-2, Spire Global, MarineTraffic, TankerTrackers.com, SynMax

Note: Locations relative to each other are approximate in time.

In some cases, tankers also conducted ship-to-ship transfers, exchanging goods with another vessel at sea. The practice is common, but can be used to conceal a cargos origin, especially when used with spoofing. Ship-to-ship transfers near Iran frequently occurred just off the coast, such as when the tanker Shalimar took on oil in October. For each transfer, The Times traced the cargo back to Iranian oil terminals.

Sources: Copernicus Sentinel-2, Spire Global, MarineTraffic, TankerTrackers.com

Note: Locations relative to each other are approximate in time.

The Times also found some tanker crews altering the physical appearance of their ships. On one spoofing vessel, a red tarp was spread over its green deck in an apparent effort to disguise itself from satellites.

A month after leaving China, the American Club-insured tanker Irises reaches the Gulf of Oman for at least the fourth time in 2023.

Red tarps appear partially covering the deck of the Irises. The ship begins spoofing its location as it approaches the Persian Gulf.

Elsewhere, a ship owned by the National Iranian Tanker Company loads oil from Kharg Island.

The two ships meet in the Persian Gulf, with more red tarp visible on the Irises deck. The Iranian ship transfers oil to the Irises.

Sources: Planet Labs, Copernicus Sentinel-2, Spire Global, MarineTraffic, TankerTrackers.com

Even though the tankers used deceptive tactics, their spoofing had identifiable patterns. Many pretended to anchor off Oman or in the Persian Gulf for days, while satellite imagery showed they were not there. Some ships even broadcasted signals showing them on land and moving at high speeds, a physical impossibility.

Several of the tankers had a history of picking up oil in other countries under U.S. sanctions. Before they moved the Iranian oil, a Times analysis found, eight of the tankers spoofed their locations while carrying Venezuelan oil that was subject to sanctions. Its unclear if they were insured by the American Club at the time.

One of the tankers did carry American Club insurance when The Times found it likely evading Russian sanctions last year.

The American Clubs role in insuring the 27 tankers could put the company in potential violation of sanctions, industry experts said.

Mr. Tadros disagreed. He said the company includes a clause in its contracts, based on Treasury guidance, that nullifies coverage if a ship violates sanctions. He argued this protects the insurer from being complicit in potential violations.

The American Club takes its obligations seriously and works diligently to comply with sanctions regulations, Mr. Tadros said.

The Treasury office has publicly enforced sanctions on the American Club only once in the past 20 years. In 2013, the office announced that it found the insurer had processed dozens of claims for ships that violated sanctions on Cuba, Sudan and Iran. Treasury officials calculated the penalty for the apparent violations totaled more than $1.7 million.

Ultimately, the office said the American Club did not appear to have been willful or reckless and the case was settled. The company agreed to pay a reduced fine of $348,000.

Sources and Methodology

Times reporters built a database of nearly 20,000 tankers and their owners, operators, managers and insurers by combining information from Equasis; the International Maritime Organization; and Pole Star, a maritime intelligence company. Times reporters cross-referenced this information with the websites of the major insurance companies, which all maintain freely accessible databases of ships they insure.

The publicly available location data of the ships, known as their automatic identification system or AIS, was obtained through MarineTraffic and Spire Global. The platforms show live ship locations around the world and keep records of past voyages.

To detect any irregularities in the AIS paths that may be signs of deceptive practices, The Times used data on spoofing ships provided by TankersTrackers.com, as well as from SynMax, a satellite data analytics company, and Spire Global; and information collected through The Timess own reporting. Reporters then crossed-referenced the sources with satellite imagery.

The satellite imagery used to search for the ships reported and actual locations came from Planet Labs, Maxar Technologies and the European Space Agencys Copernicus Sentinel-2 satellite, which is publicly available. A large share of the spoofing tankers had already been spotted in Iranian waters by TankerTrackers.com.

Go here to read the rest:
The $2.8 Billion Hole in U.S. Sanctions on Iran - The New York Times

Designating Persons Tied to Network Smuggling U.S. Technology to Central Bank of Iran – United States Department of … – Department of State

The United States is today designating four entities and three individuals tied to a network facilitating the illegal export of U.S. goods and technology to end users in Iran, including the Central Bank of Iran. The Central Bank of Iran has played a critical role in providing financial and technological support to the Islamic Revolutionary Guard Corps-Qods Force and Hizballah, both foreign terrorist organizations and key drivers of the ongoing conflict in the Middle East.

Todays action demonstrates that defying export restrictions and circumventing sanctions against Iran will result in consequences. The United States is steadfast in its commitment to countering terrorist financing and will continue to use all available means to disrupt the illegal procurement of sensitive technology by the Iranian regime.

The Department of the Treasury designations were taken pursuant toExecutive Order 13224, as amended. For more information on todays action, see Treasuryspress release.

View post:
Designating Persons Tied to Network Smuggling U.S. Technology to Central Bank of Iran - United States Department of ... - Department of State

Update on Santander, Iran and US sanctions – Santander

13 February 2024

In response to an article published in UK media on 4th February, Santander can say categorically that, after a thorough internal investigation, it has not found any direct nor indirect sanctions breach in any part of the group. We have distributed the following communication to our teams:

As we informed you last week, a UK media outlet published a report on 4 February 2024 about a Santander account allegedly linked to Iran.

We have conducted a thorough investigation into the allegations and the circumstances related to the opening and use of the account referenced in the article, as well as connected individuals. Thus, we can state categorically that Santander has not found any breach by it of U.S. sanctions against Iran in connection with these allegations.

For both legal and reputational reasons, the allegations in this news report require a clear and firm response from us. We have taken action both internally and externally to address them. If this article is raised by concerned clients or customers, I would be grateful if you were to address them with the following points of fact:

Regards,

Juan Manuel Cendoya

Global head of Communications, Corporate Marketing & Research

Go here to read the rest:
Update on Santander, Iran and US sanctions - Santander

Google: Iranian, regional hacking operations that target Israel remain opportunistic but focused – CyberScoop

Theres little evidence that Hamass Oct. 7 attack on Israel included a planned cyber component, but in the months since, a flurry of regional hacking units with ties to the terrorist group, as well as Hezbollah and Iran, adjusted their operations to participate in the ongoing conflict, a Google analysis concluded Tuesday.

The analysis conducted by Googles Threat Analysis Group and Mandiant, part of Google Cloud documented operations tied to a half-dozen regional cyber threat groups with objectives including espionage, information operations or destructive activities.

While cyber operations play a supporting and symbiotic role to kinetic and physical attacks in some conflicts, the Israel-Hamas war shows how cyber operations stand on their own and provide governments with lower-cost, lower-risk ways to engage rivals without direct military confrontation, the researchers said.

The contrast between the role of cyber in this conflict and how its been used during Russias ongoing war on Ukraine is clear, said Sandra Joyce, vice president of Mandiant Intelligence.

In the Israel-Gaza region, we didnt observe that spike in cyber operations, Joyce said in a call with reporters ahead of the reports release. We saw that in Russia, but we didnt see that here.

Iran has targeted Israel and the U.S. for years, the analysis noted, and operations continue apace. In the six months leading up to Hamass attack, Iran accounted for roughly 80% of all government-backed phishing activity that targeted users based in Israel, the researchers said.

After October 7, weve seen a focused effort to undercut support for the war among both the Israeli public and the broader global populace, including hack-and-leak and information operations to demoralize Israeli citizens, erode their trust in national organizations, and cast Israels actions in a negative light, the report stated.

This kind of information operation made headlines in the U.S. in November, when a group linked to the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC) targeted Israeli-manufactured devices used in water utilities with defacing messages. A water utility in Aliquippa, Pa., was hit in the attack, and the U.S. government on Feb. 2 sanctioned a half-dozen Iranian officials over the affair.

The groups highlighted in the report most with ties to Iran have targeted Israel, other entities in the Middle East, the United States or Europe.

Hamas-linked groups which have traditionally targeted Israel and Palestine as part of intra-Palestinian operations were active through September 2023 and showed no observable increase in activity leading up to or after Oct. 7, the researchers said.

One of the groups, tracked by Google as Great Rift and as UNC4453 or Plaid Rain by others, is likely linked to Hezbollah in Lebanon, according to the analysis. That group, researchers say, took advantage of the surge of interest in emergency services after Oct. 7 attacks, impersonating legitimate Israeli services in phishing lures.

The group also created a fake missing persons website that prompted visitors to download a small malicious program, purportedly to receive notifications about abducted Israelis, and created a website to impersonate a legitimate Israeli hospital to distribute malware using a blood donation theme, the researchers said.

The incidents are examples of established regional hacking campaigns that demonstrate the agility to rapidly tailor activity to current events, the report read.

Another incident with likely connections to Iran, which surfaced Feb. 12, targeted Israeli civilians whose emails were obtained in compromises of Israeli organizations in November, with destructive malware disguised as notices from the Israel National Cyber Directorate, John Hultquist, Mandiant Intelligences chief analyst, said in an email Tuesday.

If executed, the malware overwrote files and played a video that included a message to hostage families meant to demoralize Israelis, Hultquist said.

Increasingly, Iran is directly targeting civilians with information operations and attacks, he added.

Nicole Fishbein, a security researcher with Intezer, flagged the campaign in a series of posts to the X social media platform Feb. 12, noting that it included anti-war propaganda and an attack ad against Israeli Prime Minister Benjamin Netanyahu.

Originally posted here:
Google: Iranian, regional hacking operations that target Israel remain opportunistic but focused - CyberScoop