3JUN

US hits Iran defence procurement ring

4 min read

10:43UTC

OFAC designated eight people and five companies on 29 May for impersonating US firms to smuggle bug-detecting hardware to Iran's military, the same week Trump withheld his signature from the war-ending deal.

← Back to Sovereignty arrives, minus Brussels Jump to analysis ↓

TechnologyDeveloping

Key takeaway

Treasury signed coercion against Iran's defence supply chain the same week it withheld the war-ending deal.

OFAC, the US Treasury's Office of Foreign Assets Control, designated eight people and five companies on 29 May for a scheme that impersonated American small businesses to defraud US technology vendors and supply Iran's military. ¹ The target was a procurement ring run for SAIRAN, Iran's state-owned military-electronics manufacturer that operates procurement under the SAAFTA trading name, a firm controlled by MODAFL, Iran's Ministry of Defence and Armed Forces Logistics. The goods were spectrum analysers and non-linear junction detectors: the equipment a counter-surveillance unit uses to sweep a room for hidden microphones.

Ali Majd Sepehr set up domains posing as real US companies and tricked dozens of American IT vendors into shipping hardware, then re-routed it through two Dubai fronts, Green Light Computer Co LLC and Al Kawther Neon LLC, into Iran. ² A Rome-based dual Iranian-Italian national, Saeid Zahedi, ran the money through a US financial account to pay for domain registration. That US account and the vendor fraud move the case from sanctions evasion, an administrative matter, into wire fraud, a federal crime. The FBI Los Angeles field office and the Commerce Department co-ordinated the action, and the State Department posted a $15 million Rewards for Justice bounty on IRGC financial networks. ³

This was OFAC's third distinct Iran track in two weeks. Previous rounds hit the Persian Gulf Strait Authority and more than 50 shipping entities , and the Hengli refinery licence lapsed without guidance . This one reaches the defence-electronics supply chain instead. The non-linear junction detectors named are TSCM-grade tools, the kit a service uses to find listening devices, suggesting MODAFL is hardening internal security after losing senior commanders to strikes inside a single week. A mid-tier procurement designation reads as routine Treasury housekeeping on its own. Paired with Bessent's sanctions threat against Oman the same week, it reads as a maximum-pressure pattern timed to the unsigned memorandum.

Deep Analysis

In plain English

Iran's military wanted specialised scanning equipment that can detect hidden microphones and surveillance bugs. US export law bans selling that equipment to Iran, so a network of people set up fake websites pretending to be American businesses, tricked real US technology companies into shipping the hardware, then rerouted it through Dubai into Iran. America's Treasury Department (OFAC, its sanctions bureau) named eight people and five companies involved in the scheme on 29 May. One of them, Saeid Zahedi, lived in Italy but used a US bank account to pay for the fake domain names, which gives American courts the right to prosecute him under federal wire-fraud law. The FBI's Los Angeles field office is leading the criminal investigation. The US government also offered $15 million to anyone who provides information on IRGC financial networks.

Deep Analysis

Root Causes

MODAFL's requirement for Western-manufactured spectrum analysers and non-linear junction detectors reflects a gap Iran's domestic defence industry cannot close. Spectrum analysers from US vendors (Keysight, Tektronix) operate at sensitivities and frequency ranges that Chinese and Russian equivalents do not match for counter-surveillance applications. SAIRAN's procurement need is therefore structurally locked to Western supply chains, which creates the vulnerability OFAC exploited.

The use of identity impersonation rather than traditional front-company purchase orders reflects a specific adaptation to tightened post-2019 Know Your Customer requirements on US IT vendors.

OFAC's 2019 advisory warned vendors about Iranian end-users; SAIRAN's response was to impersonate the US vendors themselves rather than create new intermediary entities. Saeid Zahedi's Italy-based US-account use is the residual Western financial-system footprint that conventional procurement through UAE fronts alone would have avoided.

What could happen next?

Risk
Federal wire-fraud charges against Saeid Zahedi create extradition exposure for dual nationals with EU residency inside OFAC networks, potentially deterring European-based nodes in future procurement rings.
Precedent
OFAC's simultaneous use of sanctions designation and criminal referral for the same network sets a template for parallel-track enforcement against Iranian procurement rings that US allies may follow.

Source Landscape

This story draws on neutral-leaning sources

Primary parallel: Washington's 2005-2008 'Enhanced Counter-Proliferation Initiative' used wire-fraud charges alongside sanctions to prosecute procurement rings supplying North Korea's Yongbyon facility via Malaysian and Singaporean fronts.

The structural mechanism matched: a domestic legal hook (US bank accounts or dollar-clearing) was used to extend federal jurisdiction over wholly foreign transactions. FBI Los Angeles used the same wire-fraud hook against Saeid Zahedi's US-account domain payments on 29 May.

Counter-parallel: The 2019 Iran Electronics Industries (IEI) SDN designation followed the same MODAFL-controlled-entity logic and produced no observable reduction in Iranian electronic warfare capability within 18 months, because MODAFL routed procurement through separate Turkish and Chinese nodes that were not co-designated.

Spectrum analysers of the type SAIRAN sought (Keysight N9020B or equivalent, 3.6 GHz to 26.5 GHz range) retail at $30,000 to $180,000 per unit. Non-linear junction detectors cost $15,000 to $40,000 each. At these prices, the ring's total hardware value likely ran to $2 to $5 million per procurement cycle, well below the $15 million Rewards for Justice bounty placed on IRGC financial networks.

The financial incentive structure of the bounty is therefore deliberately asymmetric: OFAC is paying more to expose the network than the hardware itself was worth, signalling that the intelligence value of insiders exceeds the disruption value of the seizure.

The wire-fraud charge adds a second economic dimension. A successful federal prosecution would allow asset forfeiture against any US-connected financial account used by the network, including the Italian-based Zahedi account, creating a tool for asset recovery rather than sanction alone.

Consensus view: The Foundation for Defense of Democracies (FDD) and the Treasury's own enforcement record assess this designation pattern as a deliberate third-track strategy: OFAC opened shipping entities on 19 May , hit the Persian Gulf Strait Authority on 28 May , and struck defence-electronics procurement on 29 May. Each track constrains a different Iranian revenue or capability stream, so pressure can continue even if one track is paused for diplomatic reasons.

Counter-view: Iran's Sharif University of Technology security researchers and the Tehran-aligned Mehr News Agency argue the SAIRAN/SAAFTA designation misreads Iranian procurement architecture: MODAFL operates dozens of parallel procurement nodes, and designating one mid-tier electronics firm does not disrupt the underlying supply logic. They point to the 2019 designation of Iran Electronics Industries, which produced no measurable reduction in IRGC counter-surveillance capacity.

Key tension: Whether OFAC's multi-track timing amounts to a coordinated maximum-pressure strategy or simply reflects independent enforcement timelines that create the appearance of coordination without the reality.

First Reported In

Update #112 · Treasury opens a second Iran sanctions front

US Department of the Treasury· 30 May 2026

Read original →

Causes and effects

Caused by

OFAC sb0502: 50 entities, 19 vessels, no refinery

The 19 May OFAC shipping-entity sweep was the second Iran sanctions track; the 29 May Economic Fury designation opened a third track targeting defence-electronics procurement.

Occurred 19 May 2026

Read story →

US sanctions the strait it will reopen

OFAC's 28 May PGSA designation and the 29 May Economic Fury action landed on consecutive days, constituting a two-front sanctions campaign timed to maximum-pressure the unsigned MOU.

Occurred 28 May 2026

Read story →

This Event

US hits Iran defence procurement ring

Treasury opened a third sanctions track in two weeks, reaching into Iran's defence-electronics supply chain rather than the oil trade.

Different Perspectives

European Central Bank

The ECB's digital euro pilot drew more than 50 PSP applications and is naming 10 to 30 participants in July, advancing on its own monetary mandate without requiring a Commission act. Its trajectory this week is the inverse of CAIDA's: the sovereignty instrument that restricts no US firm is the only one keeping its published calendar.

United States (Ambassador Andrew Puzder / Steptoe LLP)

Puzder named CAIDA a red line inconsistent with the EU-US trade framework on 25 May; Steptoe warns US firms spend up to USD 50bn a year on DMA and DSA compliance and that CAIDA's Buy European tilt threatens the Turnberry truce. The Google fine delay is read in Washington as evidence that Commission enforcement bends to diplomatic pressure.

France (G7 chair and Mistral AI)

France chaired the 29 May G7 Bercy ministerial and produced a communique that omitted cloud sovereignty entirely, while its national AI champion Mistral won five-year Airbus and BMW engineering contracts commercially the day before. Paris is advancing sovereignty through the market and retreating on it at every multilateral table.

Germany (federal government)

Berlin maintained College silence that forced CAIDA's scope to public-sector tenders, protecting the automotive sector from a US Section 301 claim while simultaneously allowing BMW to contract Mistral for safety-critical crash-simulation work. German corporate procurement and German trade policy are running in opposite directions.

Netherlands (minister Willemijn Aerdts)

Aerdts blocked Kyndryl's EUR 100m Solvinity acquisition on 26 May, the first US deal ever stopped under Dutch screening, on the specific ground that the US CLOUD Act could compel disclosure of DigiD and MijnOverheid data. The decision is a direct demonstration that national screening achieves CAIDA's public-sector objective without waiting for EU law.

European Commission

The Commission is presenting CAIDA adoption on its fourth scheduled date as a sovereignty milestone, with Henna Virkkunen due to brief the Telecom Council on 9 June. The narrowed public-sector-only scope is the concession written in to secure adoption; whether the Commission presents it as a floor or a ceiling for future revision is the open question.