Markets Wired

WASHINGTON — The G7 Cyber Expert Group completed a cross-border coordination exercise on 17 April 2024. G7 authorities routinely exercise to ensure they can effectively coordinate and communicate their response in the event of a widespread cyber incident affecting the financial system.

The primary objective of the exercise was to strengthen the ability of G7 financial authorities in effectively communicating and coordinating their respective responses to facilitate crisis management in the event of a significant cross-border cyber incident affecting the financial sector. The exercise built on previous simulations and workshops, which focused on cyber incident response, recovery management, and crisis communication. 

“This exercise is another critical opportunity for us to work with our G7 partners in our ongoing effort to combat cyberattacks,” commented Deputy Secretary Wally Adeyemo. “These simulations help strengthen the global financial system by ensuring that G7 countries are able to effectively coordinate and respond in the event of a crisis.”  

To optimize coordination among G7 financial authorities, the exercise assumed a large-scale cyber attack on financial market infrastructures and entities in all G7 jurisdictions. The exercise brought together 23 financial authorities, including ministries of finance, central banks, bank supervisors, and market authorities, as well as private industry participants.

By conducting such exercises, the G7 Cyber Expert Group aims to bolster the financial sector’s resilience and minimise disruptions across all G7 jurisdictions. This exercise allows the G7 financial authorities to continue to integrate the multiple lines of effort necessary to respond effectively to an incident. 

In an ever-changing and interconnected world, cross-border coordination, incident response preparedness, and information exchanges remain G7 priorities. The G7 Cyber Expert Group continuously collaborates on cybersecurity and stands ready to respond to cyber threats posed to the financial system. 

About the G7 Cyber Expert Group  

The G7 Cyber Expert Group coordinates cybersecurity policy and strategy across the G7 jurisdictions. The G7 Cyber Expert Group seeks to improve the cyber resiliency of the financial sector through preparedness, a consensus of the threat landscape, and a shared approach to mitigating risk and to this end has published various sets of Fundamental Elements, e.g. G7 Fundamental Elements of Ransomware Resilience for the Financial Sector and G7 Fundamental Elements for Third Party Cyber Risk Management in the Financial Sector. More information about the G7 Cyber Expert Group and publications can be found here.

 

###

 

WASHINGTON — Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned two companies and four individuals involved in malicious cyber activity on behalf of the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC). These actors targeted more than a dozen U.S. companies and government entities through cyber operations, including spear phishing and malware attacks. In conjunction with today’s action, the U.S. Department of Justice and the Federal Bureau of Investigation is unsealing an indictment against the four individuals for their roles in cyber activity targeting U.S. entities. 

“Iranian malicious cyber actors continue to target U.S. companies and government entities in a coordinated, multi-pronged campaign intended to destabilize our critical infrastructure and cause harm to our citizens,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson. “The United States will continue to leverage our whole-of-government approach to expose and disrupt these networks’ operations.”

Iranian cyber actors continue to target the United States using a wide range of malicious cyber activity, from conducting ransomware attacks against critical infrastructure to conducting spear phishing and other social engineering campaigns against individuals, companies, and government entities. The IRGC-CEC, one of the Iranian government organizations behind malicious cyber activity, works through a series of front companies to target the United States and several other countries. Although front company management and key personnel know their operations support the IRGC-CEC, much of the Iranian public is not aware that some companies in Iran, such as Mehrsam Andisheh Saz Nik, are used as front companies to support the IRGC-CEC. The Iranian public should be aware that the IRGC-CEC uses private companies and their employees to achieve illegal goals.

Today’s action is being taken pursuant to the counterterrorism authority Executive Order (E.O.) 13224, as amended. OFAC designated the IRGC-CEC, also known as the IRGC Electronic Warfare and Cyber Defense Organization, pursuant to E.O. 13606 on January 12, 2018, for being owned or controlled by, or acting for or on behalf of, the IRGC, which itself was designated pursuant to E.O. 13224 on October 13, 2017. In February 2024, OFAC designated six IRGC-CEC officials in response to recent cyber operations in which IRGC-affiliated cyber actors manipulated programmable logic controllers, which impacted critical infrastructure systems, including in the United States. While these particular operations did not disrupt any critical services, unauthorized access to critical infrastructure systems can enable actions that harm the public and cause devasting humanitarian consequences.  

IRGC-CEC FRONT COMPANIES AND AFFILIATED CYBER ACTORS

Mehrsam Andisheh Saz Nik (MASN), formerly known as Mahak Rayan Afzar, is an IRGC-CEC front company that has supported malicious cyber activity conducted by the IRGC-CEC. The company has been associated with multiple Iranian advanced persistent threat (APT) groups, including Tortoiseshell. The company is also associated with other malicious cyber activity, including a multi-year campaign targeting over a dozen U.S. companies and government entities, including the Department of the Treasury. 

Alireza Shafie Nasab is an IRGC-CEC-affiliated cyber actor who was involved in the same multi-year cyber campaign targeting U.S. entities while employed by MASN’s predecessor, Mahak Rayan Afzar. 

Reza Kazemifar Rahman (Kazemifar), another IRGC-CEC cyber actor, has been involved in operational testing of malware intended to target job seekers with a focus on military veterans. Kazemifar, while employed by MASN’s predecessor, Mahak Rayan Afzar, was also involved in the spear phishing campaign targeting multiple U.S. entities, including the Department of the Treasury. 

IRGC-CEC front company Dadeh Afzar Arman (DAA) has also engaged in malicious cyber campaigns on behalf of the IRGC-CEC. 

Hosein Mohammad Haruni was employed by DAA and has been associated with various spear phishing and other social engineering operations, in addition to malicious cyber activity targeting U.S. entities and the Department of the Treasury. 

Komeil Baradaran Salmani has been associated with multiple IRGC-CEC front companies and involved in spear phishing campaigns targeting multiple U.S. entities, including Department of the Treasury. 

Mehrsam Andisheh Saz Nik, Dadeh Afzar Arman, Alireza Shafie Nasab, Komeil Baradaran Salmani, and Reza Kazemifar Rahman are all being designated pursuant to E.O. 13224, as amended, for having acted or purported to act for or on behalf of, directly or indirectly, the IRGC-CEC. Hosein Mohammad Haruni is being designated pursuant to E.O. 13224, as amended, for having acted or purported to act for or on behalf of, directly or indirectly, Dadeh Afzar Arman. 

SANCTIONS IMPLICATIONS

As a result of today’s action, all property and interests in property of the designated persons described above that are in the United States or in the possession or control of U.S. persons are blocked and must be reported to OFAC. In addition, any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked. Unless authorized by a general or specific license issued by OFAC, or exempt, OFAC’s regulations generally prohibit all transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of designated or otherwise blocked persons. 

In addition, financial institutions and other persons that engage in certain transactions or activities with the sanctioned entities and individuals may expose themselves to sanctions or be subject to an enforcement action. The prohibitions include the making of any contribution or provision of funds, goods, or services by, to, or for the benefit of any designated person, or the receipt of any contribution or provision of funds, goods, or services from any such person. 

The power and integrity of OFAC sanctions derive not only from OFAC’s ability to designate and add persons to the Specially Designated Nationals and Blocked Persons List (SDN List), but also from its willingness to remove persons from the SDN List consistent with the law. The ultimate goal of sanctions is not to punish, but to bring about a positive change in behavior. For information concerning the process for seeking removal from an OFAC list, including the SDN List, please refer to OFAC’s Frequently Asked Question 897 here. For detailed information on the process to submit a request for removal from an OFAC sanctions list, please click here.

Click here for more information on the individuals and entities designated today.

###

Sanctions Target the Jama’at Nusrat al-Islam wal-Muslimin Terrorist Group

WASHINGTON — Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned two leaders of al-Qa’ida-aligned terrorist group Jama’at Nusrat al-Islam wal-Muslimin (JNIM) for hostage-taking of U.S. persons in West Africa. OFAC is designating these individuals pursuant to Executive Order (E.O.) 14078, “Bolstering Efforts To Bring Hostages and Wrongfully Detained United States Nationals Home,” which targets those involved in, hostage-taking of a U.S. national or the wrongful detention of a U.S. national abroad. The Department of State concurrently designated five JNIM leaders pursuant to E.O. 14078, and designated two of these, as well as two additional leaders of JNIM, pursuant to E.O. 13224, as amended. 

“JNIM relies on hostage-taking and wrongful detention of civilians in order to gain leverage and instill fear, creating anguish and misery for the victims and their families,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson. “Treasury will continue to use all tools at our disposal to hold accountable those who seek to hold our citizens hostage.”

E.O. 14078 draws on the authority of the 2020 Robert Levinson Hostage Recovery and Hostage Taking Accountability Act. This act represents the determination of the Levinson family and other families of those taken hostage or who are wrongfully detained overseas, who have worked to turn their family’s extraordinary hardships into contructive and meaningful action.

The individuals designated today are members of Jama’at Nusrat al-Islam wal-Muslimin (JNIM), an al-Qa’ida-aligned terrorist group operating in northwestern Africa. The Department of State designated JNIM as a Foreign Terrorist Organization (FTO) and Specially Designated Global Terrorist (SDGT) on September 6, 2018. Treasury has previously targeted JNIM in 2019, designating Bah Ag Moussa, a close associate of JNIM leader Iyad ag Ghali, pursuant to E.O. 13224; Bah Ag Moussa has led terrorist attacks in Mali, including one that killed 21 Malian soldiers.

Sidan ag Hitta (Hitta) is a Mali-based senior JNIM leader who was the JNIM official coordinating all negotiations regarding the release of western hostages and issued instructions concerning the hostages held by JNIM. On August 6, 2021, the Department of State designated Hitta pursuant to E.O. 13224, as amended, for being a leader of JNIM.

Jafar Dicko (Dicko) is a JNIM leader in Burkina Faso who was believed to have supervised the detention of a U.S. national. Dicko also served as a leader of Ansarul Islam, the JNIM-affiliated group responsible for kidnapping a U.S. national. On February 20, 2018, the Department of State designated Ansarul Islam pursuant to E.O. 13224.

Sidan Ag Hitta and Jafar Dicko are being designated for having materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, an act of hostage-taking of a U.S. national or wrongful detention of a U.S. national abroad.

SANCTIONS IMPLICATIONS

As a result of today’s action, all property and interests in property of the designated persons described above that are in the United States or in the possession or control of U.S. persons are blocked and must be reported to OFAC. In addition, any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked. Unless authorized by a general or specific license issued by OFAC, or exempt, OFAC’s regulations generally prohibit all transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of designated or otherwise blocked persons. 

The power and integrity of OFAC sanctions derive not only from OFAC’s ability to designate and add persons to the Specially Designated Nationals and Blocked Persons List (SDN List), but also from its willingness to remove persons from the SDN List consistent with the law. The ultimate goal of sanctions is not to punish, but to bring about a positive change in behavior. For information concerning the process for seeking removal from an OFAC list, including the SDN List, please refer to OFAC’s Frequently Asked Question 897 here. For detailed information on the process to submit a request for removal from an OFAC sanctions list, please click here.

Click here for more information on the individuals designated today.

###

WASHINGTON – On Friday, U.S. Deputy Secretary of the Treasury Wally Adeyemo met with Nigerian Minister of Finance Wale Edun on the sidelines of the IMF-World Bank Spring meetings. Deputy Secretary Adeyemo commended Minister Edun for Nigeria’s important reforms to advance market-oriented economic policies and address inflation. The Deputy Secretary also welcomed Nigeria’s engagement with the World Bank, including support for social safety nets and fiscal reforms.

The Deputy Secretary asked Minister Edun for an update on Nigeria’s efforts to combat terrorist financing and money laundering and encouraged Nigeria to maintain steady progress in undertaking the necessary reforms to tackle illicit finance and corruption.

 

###

WASHINGTON – Yesterday, Deputy Secretary of the Treasury Wally Adeyemo met with Turkish Minister of Treasury and Finance Mehmet Şimşek. They exchanged views on the global economic outlook, as well as the American and Turkish economies. They also discussed ways in which the United States and Türkiye can strengthen the bilateral relationship by deepening trade and investment, and boosting anti-money laundering, counter terrorist financing, and sanctions enforcement.

 

###

WASHINGTON – Today, Secretary of the Treasury Janet L. Yellen hosted finance ministers of member countries of the Americas Partnership for Economic Prosperity (APEP). Together with Inter-American Development Bank President (IDB) Ilan Goldfajn, they discussed the work of the IDB to support APEP members in enhancing competitiveness in the sectors identified at the APEP Leaders’ Summit that was hosted by President Biden in November 2023: critical minerals, the medical sector, and semiconductors. Secretary Yellen commended the work of APEP finance ministers on the recent decisions to provide $3.5 billion in new capital for the IDB Group’s private sector window, IDB Invest, and on reforms to strengthen the effectiveness of the IDB Group in supporting private sector-led, sustainable, and inclusive growth in Latin America and the Caribbean.
 

###
 

WASHINGTON – Today, Secretary of the Treasury Janet L. Yellen met with Ministers of Finance Elisabeth Svantesson of Sweden, Riikka Purra of Finland, and Gintarė Skaistė of Lithuania on the sidelines of the IMF-World Bank Spring Meetings in Washington, DC.  Secretary Yellen discussed ways to continue providing near-term financial assistance to Ukraine, as well as ways to unlock the value of immobilized Russian sovereign assets to support Ukraine’s continued resistance and long-term reconstruction.

###

WASHINGTON – Today, Deputy Secretary of the Treasury Wally Adeyemo met The Honorable Senator Datuk Seri Amir Hamzah Azizan, Minister of Finance II of Malaysia. They exchanged views on the American, Malaysian, and global economies, Malaysia’s macroeconomic outlook and policy priorities, as well as Malaysia’s progress towards a clean energy transition. They discussed efforts by Iran and Russia to evade U.S. sanctions as well as President Biden’s Executive Order from December that allows for sanctions against third country financial institutions. They also discussed efforts to counter the financing of terrorism.

###

As Prepared for Delivery

Minister Ndung’u, it is a pleasure to have the opportunity to meet with you today as both of our governments prepare for President Ruto’s State Visit to Washington in May—the first by an African Head of State since 2008.

Kenya is a valued U.S. partner and a leading voice on the African continent on many of the pressing economic, financial, and climate issues that will be the focus of discussions during these Spring Meetings.

In our conversation today, I look forward to discussing the upcoming State Visit and how we can make progress on shared economic priorities.

Kenya’s economy has shown resilience to a range of shocks and pressures, and your country recently returned to international capital markets. I look forward to hearing from you about how you see the economic challenges and opportunities ahead.

Kenya has also been making good use of support from the international financial institutions and taking a leadership role in the World Bank’s IDA replenishment and at the African Development Bank.

I look forward to exchanging views on the international financial institutions, including how to strengthen the impact of the MDBs through MDB evolution. President Ruto’s convening of the Africa Climate Summit last year reinforced a key tenet of MDB Evolution, which is that addressing climate change and pursuing inclusive and resilient economic growth are mutually reinforcing goals.

I look forward to a productive conversation today and to continuing to deepen our bilateral partnership over the months ahead.

Thank you.

###

WASHINGTON — Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) imposed sanctions on two entities for their roles in establishing fundraising campaigns on behalf of Yinon Levi (Levi) and David Chai Chasdai (Chasdai), two violent extremists who were sanctioned on February 1, 2024 in connection with violence in the West Bank. The fundraising campaigns established by Mount Hebron Fund for Levi and by Shlom Asiraich for Chasdai generated the equivalent of $140,000 and $31,000, respectively.

“Mount Hebron Fund and Shlom Asiraich generated tens of thousands of dollars for extremists responsible for destroying property, assaulting civilians, and violence against Palestinians,” said Deputy Secretary of the Treasury Wally Adeyemo. “Such acts by these organizations undermine the peace, security, and stability of the West Bank. We will continue to use our tools to hold those responsible accountable.”

Concurrently, the Department of State is designating Ben-Zion Gopstein, the founder and leader of an organization whose members have engaged in violence, including assaults on Palestinian civilians.

CROWDFUNDING CAMPAIGNS FOR VIOLENT EXTREMISTS

Today, OFAC designated Mount Hebron Fund and Shlom Asiraich for being foreign persons who are responsible for or complicit in, or who have directly or indirectly engaged or attempted to engage in, actions — including directing, enacting, implementing, enforcing, or failing to enforce policies — that threaten the peace, security, or stability of the West Bank, and for having materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, persons blocked pursuant to Executive Order (E.O.) 14115. 

Following the February 1, 2024 designation of Yinon Levi, Mount Hebron Fund established an online fundraiser for the benefit of Levi, who was designated pursuant to E.O. 14115 for being responsible for or complicit in, or for having directly or indirectly engaged or attempted to engage in planning, ordering, otherwise directing, or participating in efforts to place civilians in reasonable fear of violence with the purpose or effect of necessitating a change of residence to avoid such violence, affecting the West Bank. Levi regularly led groups of violent extremists who engaged in actions creating an atmosphere of fear in the West Bank. His groups assaulted Palestinian and Bedouin civilians, threatened them with additional violence if they did not leave their homes, burned their fields, and destroyed their property. Levi and other extremists have repeatedly attacked multiple communities within the West Bank. Mount Hebron Fund’s fundraiser for Levi’s benefit reportedly raised the equivalent of $140,000 before the campaign was removed from the crowdfunding website and funds were withheld by a local financial institution. 

Following the February 1, 2024 designation of David Chai Chasdai, Shlom Asiraich established an online fundraiser for the benefit of Chasdai, who was also designated pursuant to E.O. 14115 for being responsible for or complicit in, or for having directly or indirectly engaged or attempted to engage in, actions — including directing, enacting, implementing, enforcing, or failing to enforce policies — that threaten the peace, security, or stability of the West Bank. Chasdai initiated and led a riot, which involved setting vehicles and buildings on fire, assaulting Palestinian civilians, and causing damage to property in Huwara, which resulted in the death of a Palestinian civilian. Shlom Asiraich’s fundraiser for Chasdai’s benefit reportedly raised the equivalent of $31,000 before it too was removed from the crowdfunding website. Shlom Asiraich’s fundraiser specifically noted that it was raising the money following the imposition of sanctions on, and the administrative detention of, Chasdai. Shlom Asiraich is an Israel-registered non-profit organization based in the West Bank that has also raised funds for other imprisoned violent extremists who share the group’s ideology, including Yigal Amir, who assassinated former Israeli Prime Minister Yitzhak Rabin in 1995, and Amiram Ben Uliel, who was convicted in 2020 for the killing of a Palestinian couple and their baby in an arson attack in the West Bank village of Duma in 2015.

SANCTIONS IMPLICATIONS

As a result of today’s actions, all property and interests in property of the designated persons described above that are in the United States or in the possession or control of U.S. persons are blocked and must be reported to OFAC. In addition, any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked. Unless authorized by a general or specific license issued by OFAC, or exempt, OFAC’s regulations generally prohibit all transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of designated or otherwise blocked persons. 

In addition, financial institutions and other persons that engage in certain transactions or activities with the sanctioned entities and individuals may expose themselves to sanctions or be subject to an enforcement action. The prohibitions include the making of any contribution or provision of funds, goods, or services by, to, or for the benefit of any designated person, or the receipt of any contribution or provision of funds, goods, or services from any such person. 

The power and integrity of OFAC sanctions derive not only from OFAC’s ability to designate and add persons to the Specially Designated Nationals and Blocked Persons (SDN) List, but also from its willingness to remove persons from the SDN List consistent with the law. The ultimate goal of sanctions is not to punish, but to bring about a positive change in behavior. 

For information concerning the process for seeking removal from an OFAC list, including the SDN List, please refer to OFAC’s Frequently Asked Question 897 here. For detailed information on the process to submit a request for removal from an OFAC sanctions list, please click here.

Click here for more information on the entities designated today.

###