US Seizes 27 More IRGC-Controlled Domain Names

The action follows last month's seizure of 92 domain names used by Iran's Islamic Revolutionary Guard Corps to spread disinformation.

Kelly Sheridan, Former Senior Editor, Dark Reading

November 5, 2020


The US Department of Justice (DoJ) today reported the seizure of 27 more domain names that Iran's Islamic Revolutionary Guard Corps (IRGC) used to further a global disinformation campaign. Last month, the US seized 92 domain names used by the IRGC to spread influence operations.

All 27 of these domains violated US sanctions targeting both the IRGC and the Iranian government. Four were disguised as legitimate news outlets but were used by the IRGC to target readers in the United States with the goal of influencing US policy and opinion, in violation of the Foreign Agents Registration Act (FARA). The other domains targeted people in other parts of the world.

FARA establishes a registration, reporting, and disclosure structure for foreign governments, agencies, and other principals so that the US government and its citizens know the source of information and the identities of people trying to influence US public opinion, policy, and law. It requires foreign agents to submit statements with factual information about their activities and income earned.

The four domain names pretending to be news outlets – rpfront[.]com, ahtribune[.]com, awdnews[.]com, and criticalstudies[.]org – were seized pursuant to FARA, the DoJ reports. All targeted US audiences with pro-Iranian propaganda in an attempt to sway Americans to change US policy related to Iran and the Middle East. The domains targeted US citizens without proper registration and without stating their content was published on behalf of the IRGC and Iran.

A Nov. 3 seizure warrant describes how the 27 domains operated in violation of the International Emergency and Economic Powers Act (IEEPA) and the Iranian Transactions and Sanctions Regulations (ITSR), which prohibit US citizens from offering services to the Iranian government without a license. Seizure documents indicate all 27 domains were registered with US-based domain registrars and used top-level domains owned by US-based registries. 

Neither the IRGC nor the Iranian government obtained a license from the Office of Foreign Assets Control (OFAC) before using the domain names and buying services from US providers.

Officials on Alert for Election Disinformation

The news arrives as federal officials and security experts express concern about the potential of disinformation as votes are counted in the presidential election. While there was no malicious cyber activity detected on Election Day, and foreign interference is lower this year compared to 2016, officials remain on high alert as the vote count continues. In the hours after polls closed, researchers saw an uptick in disinformation spreading across different social media platforms.

Messages arguing for voter fraud and other contentious topics could open the door for foreign actors to jump into the disinformation spread, said Kate Starbird, professor of human centered design and engineering at UW, in a panel by the Election Integrity Partnership (EIP) on Wednesday.

"We do believe that there is a vulnerability to foreign influence here and foreign disinformation … we're not seeing a lot that be influential, but certainly this is going to be a time when we're going to be vulnerable," she said.

When there is a large number of people who voted in one direction whose candidate may not win, the rhetoric coming from that candidate may make those voters susceptible to both foreign and domestic disinformation, Starbird explained.

While Iranian actors were seen sending spoofed emails to American voters in the weeks leading up to Election Day, so far there is no indication they have spread disinformation in the days following the election. Read the full DoJ release for more details on the domain name seizure.

About the Author

Kelly Sheridan was formerly a Staff Editor at Dark Reading, where she focused on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial services. Sheridan earned her BA in English at Villanova University. You can follow her on Twitter @kellymsheridan.
