The US government has imposed sanctions today on a front company that hid a massive hacking operation perpetrated by the Iranian government against its own citizens, foreign companies, and governments abroad.

Sanctions were imposed on the "Rana Intelligence Computing Company," also known as the Rana Institute, or Rana, as well as 45 current and former employees[1], such as managers, programmers, or hacking experts.

US officials said Rana operated as a front for the Iranian Ministry of Intelligence and Security (MOIS). Rana's main duties were to mount national and international hacking campaigns.

Through its local operations, Rana helped the government monitor Iranian citizens, dissidents, journalists, former government employees, environmentalists, refugees, students, professors, and anyone considered a threat to the local regime.

Externally, Rana hacked the government networks of neighboring countries, as well as foreign companies in the travel, academic, and telecommunications sectors. Officials said Rana used its access to the hacked foreign companies to track individuals whom the MOIS considered a threat.

[Image: rana-graph.png. Credit: US Treasury Department]

Across the years, Rana's hacking operations left a long trail of clues that cyber-security firms traced back to Iran.

Investigations into these past Rana-linked operations can be found in cyber-security reports about the activities of a hacking group known as APT39[2], or Chafer, Cadelspy, Remexi, and ITG07 — all different names given by different security firms, but referring to the same threat actor, in this case, Rana.

Rana exposed in May 2019

However, for a long time, nobody even knew that Rana existed, let alone that it was a front company for APT39 and the Iranian regime.

The first time the world heard about Rana was in a ZDNet article[3] published in May 2019, documenting the leak of confidential information pertaining to Iranian hacking groups.

At

Read more from our friends at ZDNet