27MAY

US hits Iran defence procurement ring

4 min read

15:19UTC

OFAC designated eight people and five companies on 29 May for impersonating US firms to smuggle bug-detecting hardware to Iran's military, the same week Trump withheld his signature from the war-ending deal.

← Back to Brussels slips sovereignty law a third time Jump to analysis ↓

TechnologyDeveloping

Key takeaway

Treasury signed coercion against Iran's defence supply chain the same week it withheld the war-ending deal.

OFAC, the US Treasury's Office of Foreign Assets Control, designated eight people and five companies on 29 May for a scheme that impersonated American small businesses to defraud US technology vendors and supply Iran's military. ¹ The target was a procurement ring run for SAIRAN, Iran's state-owned military-electronics manufacturer that operates procurement under the SAAFTA trading name, a firm controlled by MODAFL, Iran's Ministry of Defence and Armed Forces Logistics. The goods were spectrum analysers and non-linear junction detectors: the equipment a counter-surveillance unit uses to sweep a room for hidden microphones.

Ali Majd Sepehr set up domains posing as real US companies and tricked dozens of American IT vendors into shipping hardware, then re-routed it through two Dubai fronts, Green Light Computer Co LLC and Al Kawther Neon LLC, into Iran. ² A Rome-based dual Iranian-Italian national, Saeid Zahedi, ran the money through a US financial account to pay for domain registration. That US account and the vendor fraud move the case from sanctions evasion, an administrative matter, into wire fraud, a federal crime. The FBI Los Angeles field office and the Commerce Department co-ordinated the action, and the State Department posted a $15 million Rewards for Justice bounty on IRGC financial networks. ³

This was OFAC's third distinct Iran track in two weeks. Previous rounds hit the Persian Gulf Strait Authority and more than 50 shipping entities , and the Hengli refinery licence lapsed without guidance . This one reaches the defence-electronics supply chain instead. The non-linear junction detectors named are TSCM-grade tools, the kit a service uses to find listening devices, suggesting MODAFL is hardening internal security after losing senior commanders to strikes inside a single week. A mid-tier procurement designation reads as routine Treasury housekeeping on its own. Paired with Bessent's sanctions threat against Oman the same week, it reads as a maximum-pressure pattern timed to the unsigned memorandum.

Deep Analysis

In plain English

Iran's military wanted specialised scanning equipment that can detect hidden microphones and surveillance bugs. US export law bans selling that equipment to Iran, so a network of people set up fake websites pretending to be American businesses, tricked real US technology companies into shipping the hardware, then rerouted it through Dubai into Iran. America's Treasury Department (OFAC, its sanctions bureau) named eight people and five companies involved in the scheme on 29 May. One of them, Saeid Zahedi, lived in Italy but used a US bank account to pay for the fake domain names, which gives American courts the right to prosecute him under federal wire-fraud law. The FBI's Los Angeles field office is leading the criminal investigation. The US government also offered $15 million to anyone who provides information on IRGC financial networks.

Deep Analysis

Root Causes

MODAFL's requirement for Western-manufactured spectrum analysers and non-linear junction detectors reflects a gap Iran's domestic defence industry cannot close. Spectrum analysers from US vendors (Keysight, Tektronix) operate at sensitivities and frequency ranges that Chinese and Russian equivalents do not match for counter-surveillance applications. SAIRAN's procurement need is therefore structurally locked to Western supply chains, which creates the vulnerability OFAC exploited.

The use of identity impersonation rather than traditional front-company purchase orders reflects a specific adaptation to tightened post-2019 Know Your Customer requirements on US IT vendors.

OFAC's 2019 advisory warned vendors about Iranian end-users; SAIRAN's response was to impersonate the US vendors themselves rather than create new intermediary entities. Saeid Zahedi's Italy-based US-account use is the residual Western financial-system footprint that conventional procurement through UAE fronts alone would have avoided.

What could happen next?

Risk
Federal wire-fraud charges against Saeid Zahedi create extradition exposure for dual nationals with EU residency inside OFAC networks, potentially deterring European-based nodes in future procurement rings.
Precedent
OFAC's simultaneous use of sanctions designation and criminal referral for the same network sets a template for parallel-track enforcement against Iranian procurement rings that US allies may follow.

Source Landscape

This story draws on neutral-leaning sources

Primary parallel: Washington's 2005-2008 'Enhanced Counter-Proliferation Initiative' used wire-fraud charges alongside sanctions to prosecute procurement rings supplying North Korea's Yongbyon facility via Malaysian and Singaporean fronts.

The structural mechanism matched: a domestic legal hook (US bank accounts or dollar-clearing) was used to extend federal jurisdiction over wholly foreign transactions. FBI Los Angeles used the same wire-fraud hook against Saeid Zahedi's US-account domain payments on 29 May.

Counter-parallel: The 2019 Iran Electronics Industries (IEI) SDN designation followed the same MODAFL-controlled-entity logic and produced no observable reduction in Iranian electronic warfare capability within 18 months, because MODAFL routed procurement through separate Turkish and Chinese nodes that were not co-designated.

Spectrum analysers of the type SAIRAN sought (Keysight N9020B or equivalent, 3.6 GHz to 26.5 GHz range) retail at $30,000 to $180,000 per unit. Non-linear junction detectors cost $15,000 to $40,000 each. At these prices, the ring's total hardware value likely ran to $2 to $5 million per procurement cycle, well below the $15 million Rewards for Justice bounty placed on IRGC financial networks.

The financial incentive structure of the bounty is therefore deliberately asymmetric: OFAC is paying more to expose the network than the hardware itself was worth, signalling that the intelligence value of insiders exceeds the disruption value of the seizure.

The wire-fraud charge adds a second economic dimension. A successful federal prosecution would allow asset forfeiture against any US-connected financial account used by the network, including the Italian-based Zahedi account, creating a tool for asset recovery rather than sanction alone.

Consensus view: The Foundation for Defense of Democracies (FDD) and the Treasury's own enforcement record assess this designation pattern as a deliberate third-track strategy: OFAC opened shipping entities on 19 May , hit the Persian Gulf Strait Authority on 28 May , and struck defence-electronics procurement on 29 May. Each track constrains a different Iranian revenue or capability stream, so pressure can continue even if one track is paused for diplomatic reasons.

Counter-view: Iran's Sharif University of Technology security researchers and the Tehran-aligned Mehr News Agency argue the SAIRAN/SAAFTA designation misreads Iranian procurement architecture: MODAFL operates dozens of parallel procurement nodes, and designating one mid-tier electronics firm does not disrupt the underlying supply logic. They point to the 2019 designation of Iran Electronics Industries, which produced no measurable reduction in IRGC counter-surveillance capacity.

Key tension: Whether OFAC's multi-track timing amounts to a coordinated maximum-pressure strategy or simply reflects independent enforcement timelines that create the appearance of coordination without the reality.

First Reported In

Update #112 · Treasury opens a second Iran sanctions front

US Department of the Treasury· 30 May 2026

Read original →

Causes and effects

Caused by

OFAC sb0502: 50 entities, 19 vessels, no refinery

The 19 May OFAC shipping-entity sweep was the second Iran sanctions track; the 29 May Economic Fury designation opened a third track targeting defence-electronics procurement.

Occurred 19 May 2026

Read story →

US sanctions the strait it will reopen

OFAC's 28 May PGSA designation and the 29 May Economic Fury action landed on consecutive days, constituting a two-front sanctions campaign timed to maximum-pressure the unsigned MOU.

Occurred 28 May 2026

Read story →

This Event

US hits Iran defence procurement ring

Treasury opened a third sanctions track in two weeks, reaching into Iran's defence-electronics supply chain rather than the oil trade.

Different Perspectives

ASML / European tech industry

ASML's Q2 2026 guidance came in €300m below consensus as China DUV revenue collapsed 17 percentage points; the company's CEO wrote US export-control outcomes directly into 2026 guidance. European tech firms named on the USTR retaliation list alongside SAP, Siemens and Spotify face the same calculus: US trade exposure constrains what Brussels can legislate on their behalf.

France / Anne Le Henanff

Le Henanff chaired the G7 Digital Ministerial at Bercy on 29 May with CAIDA off the agenda, pivoting France's presidency to AI safety principles it had not designed the week around. France backs CAIDA but cannot override Berlin's tariff calculus, so the ministerial produced no new French-led commitment.

Germany / Federal government

Berlin's automotive sector faces up to $200bn in threatened US tariffs, a commercial exposure that dwarfs any benefit CAIDA's public-sector cloud rules would deliver to German digital firms. Federal silence inside the College of Commissioners functions as a block under consensus adoption rules without requiring a formal veto.

USTR / Ambassador Andrew Puzder

Puzder's public warning on 25 May that CAIDA is inconsistent with the EU-US trade framework was the first time Washington made its bilateral pressure visible before a Commission adoption vote rather than after. The USTR Section 301 determination on 24 July provides the enforcement backstop.

European Commission / Henna Virkkunen

Virkkunen framed the third slip as a procedural delay in finalising a 400-page text without addressing Puzder's trade-framework red line publicly. The Commission enforces existing law against Google while losing the legislative timeline on CAIDA, exposing an asymmetric position: enforcement holds; new sovereignty legislation does not.

OpenForum Europe / open-source community

The EUR 350m Sovereign Tech Fund has no Commission host, no budget line, and no commissioner's name attached six weeks after the April conference, while Germany is already paying maintainers to staff international standards bodies. The CRA open-source guidance resolves contributor liability but leaves the financial-donations grey area open with the 11 September reporting clock running.