Why this matters
The U.S. State Department’s Rewards for Justice program is offering up to $10 million for information on two people connected to a cyber unit known as Shahid Shushtari. This move is designed to pressure state-linked cyber operators believed to be behind disruptive campaigns targeting critical sectors worldwide.
The facts at a glance
- The U.S. announced a reward of up to $10 million for information about two individuals tied to Shahid Shushtari.
- Officials named Mohammad Bagher Shirinkar as the leader and Fatemeh Sedighian Kashi as a close associate involved in planning cyber operations.
- Shahid Shushtari has operated under multiple aliases (Emennet Pasargad, ASA, etc.) and is linked by U.S. agencies to the IRGC’s cyber command, targeting news, shipping, energy, finance, and telecom sectors.
- The group has been connected to election influence operations and was sanctioned by the U.S. Treasury.
Why the reward matters
Public bounties combined with sanctions and naming individuals are a policy strategy to increase operational costs for state-linked cyber actors. Rewards incentivize human sources and informants to come forward — a key lever when conventional legal cooperation is limited.
Looking closer — two insights
Pressure and publicity go hand in hand
This is part of a growing trend: the U.S. now blends legal steps (sanctions), public attribution, and rewards to disrupt adversary operations — signaling long-term intent.
Practical impacts on travel and finance
Naming individuals tied to the IRGC affects their travel, banking, and procurement. Follow-on sanctions or restrictions are likely, limiting these actors’ international mobility.
What organizations should do now
- Harden external-facing assets and patch promptly.
- Adopt phishing-resistant authentication (FIDO/passkeys) for privileged access.
- Increase threat-intel sharing with peers and national CERTs to map attacker tools and campaigns.
