10JUN

US hits Iran defence procurement ring

4 min read

10:31UTC

OFAC designated eight people and five companies on 29 May for impersonating US firms to smuggle bug-detecting hardware to Iran's military, the same week Trump withheld his signature from the war-ending deal.

← Back to Sovereignty law adopted; $40bn US chip buy Jump to analysis ↓

TechnologyDeveloping

Key takeaway

Treasury signed coercion against Iran's defence supply chain the same week it withheld the war-ending deal.

OFAC, the US Treasury's Office of Foreign Assets Control, designated eight people and five companies on 29 May for a scheme that impersonated American small businesses to defraud US technology vendors and supply Iran's military. ¹ The target was a procurement ring run for SAIRAN, Iran's state-owned military-electronics manufacturer that operates procurement under the SAAFTA trading name, a firm controlled by MODAFL, Iran's Ministry of Defence and Armed Forces Logistics. The goods were spectrum analysers and non-linear junction detectors: the equipment a counter-surveillance unit uses to sweep a room for hidden microphones.

Ali Majd Sepehr set up domains posing as real US companies and tricked dozens of American IT vendors into shipping hardware, then re-routed it through two Dubai fronts, Green Light Computer Co LLC and Al Kawther Neon LLC, into Iran. ² A Rome-based dual Iranian-Italian national, Saeid Zahedi, ran the money through a US financial account to pay for domain registration. That US account and the vendor fraud move the case from sanctions evasion, an administrative matter, into wire fraud, a federal crime. The FBI Los Angeles field office and the Commerce Department co-ordinated the action, and the State Department posted a $15 million Rewards for Justice bounty on IRGC financial networks. ³

This was OFAC's third distinct Iran track in two weeks. Previous rounds hit the Persian Gulf Strait Authority and more than 50 shipping entities , and the Hengli refinery licence lapsed without guidance . This one reaches the defence-electronics supply chain instead. The non-linear junction detectors named are TSCM-grade tools, the kit a service uses to find listening devices, suggesting MODAFL is hardening internal security after losing senior commanders to strikes inside a single week. A mid-tier procurement designation reads as routine Treasury housekeeping on its own. Paired with Bessent's sanctions threat against Oman the same week, it reads as a maximum-pressure pattern timed to the unsigned memorandum.

Deep Analysis

In plain English

Iran's military wanted specialised scanning equipment that can detect hidden microphones and surveillance bugs. US export law bans selling that equipment to Iran, so a network of people set up fake websites pretending to be American businesses, tricked real US technology companies into shipping the hardware, then rerouted it through Dubai into Iran. America's Treasury Department (OFAC, its sanctions bureau) named eight people and five companies involved in the scheme on 29 May. One of them, Saeid Zahedi, lived in Italy but used a US bank account to pay for the fake domain names, which gives American courts the right to prosecute him under federal wire-fraud law. The FBI's Los Angeles field office is leading the criminal investigation. The US government also offered $15 million to anyone who provides information on IRGC financial networks.

Deep Analysis

Root Causes

MODAFL's requirement for Western-manufactured spectrum analysers and non-linear junction detectors reflects a gap Iran's domestic defence industry cannot close. Spectrum analysers from US vendors (Keysight, Tektronix) operate at sensitivities and frequency ranges that Chinese and Russian equivalents do not match for counter-surveillance applications. SAIRAN's procurement need is therefore structurally locked to Western supply chains, which creates the vulnerability OFAC exploited.

The use of identity impersonation rather than traditional front-company purchase orders reflects a specific adaptation to tightened post-2019 Know Your Customer requirements on US IT vendors.

OFAC's 2019 advisory warned vendors about Iranian end-users; SAIRAN's response was to impersonate the US vendors themselves rather than create new intermediary entities. Saeid Zahedi's Italy-based US-account use is the residual Western financial-system footprint that conventional procurement through UAE fronts alone would have avoided.

What could happen next?

Risk
Federal wire-fraud charges against Saeid Zahedi create extradition exposure for dual nationals with EU residency inside OFAC networks, potentially deterring European-based nodes in future procurement rings.
Precedent
OFAC's simultaneous use of sanctions designation and criminal referral for the same network sets a template for parallel-track enforcement against Iranian procurement rings that US allies may follow.

Source Landscape

This story draws on neutral-leaning sources

Primary parallel: Washington's 2005-2008 'Enhanced Counter-Proliferation Initiative' used wire-fraud charges alongside sanctions to prosecute procurement rings supplying North Korea's Yongbyon facility via Malaysian and Singaporean fronts.

The structural mechanism matched: a domestic legal hook (US bank accounts or dollar-clearing) was used to extend federal jurisdiction over wholly foreign transactions. FBI Los Angeles used the same wire-fraud hook against Saeid Zahedi's US-account domain payments on 29 May.

Counter-parallel: The 2019 Iran Electronics Industries (IEI) SDN designation followed the same MODAFL-controlled-entity logic and produced no observable reduction in Iranian electronic warfare capability within 18 months, because MODAFL routed procurement through separate Turkish and Chinese nodes that were not co-designated.

Spectrum analysers of the type SAIRAN sought (Keysight N9020B or equivalent, 3.6 GHz to 26.5 GHz range) retail at $30,000 to $180,000 per unit. Non-linear junction detectors cost $15,000 to $40,000 each. At these prices, the ring's total hardware value likely ran to $2 to $5 million per procurement cycle, well below the $15 million Rewards for Justice bounty placed on IRGC financial networks.

The financial incentive structure of the bounty is therefore deliberately asymmetric: OFAC is paying more to expose the network than the hardware itself was worth, signalling that the intelligence value of insiders exceeds the disruption value of the seizure.

The wire-fraud charge adds a second economic dimension. A successful federal prosecution would allow asset forfeiture against any US-connected financial account used by the network, including the Italian-based Zahedi account, creating a tool for asset recovery rather than sanction alone.

Consensus view: The Foundation for Defense of Democracies (FDD) and the Treasury's own enforcement record assess this designation pattern as a deliberate third-track strategy: OFAC opened shipping entities on 19 May , hit the Persian Gulf Strait Authority on 28 May , and struck defence-electronics procurement on 29 May. Each track constrains a different Iranian revenue or capability stream, so pressure can continue even if one track is paused for diplomatic reasons.

Counter-view: Iran's Sharif University of Technology security researchers and the Tehran-aligned Mehr News Agency argue the SAIRAN/SAAFTA designation misreads Iranian procurement architecture: MODAFL operates dozens of parallel procurement nodes, and designating one mid-tier electronics firm does not disrupt the underlying supply logic. They point to the 2019 designation of Iran Electronics Industries, which produced no measurable reduction in IRGC counter-surveillance capacity.

Key tension: Whether OFAC's multi-track timing amounts to a coordinated maximum-pressure strategy or simply reflects independent enforcement timelines that create the appearance of coordination without the reality.

First Reported In

Update #112 · Treasury opens a second Iran sanctions front

US Department of the Treasury· 30 May 2026

Read original →

Causes and effects

Caused by

OFAC sb0502: 50 entities, 19 vessels, no refinery

The 19 May OFAC shipping-entity sweep was the second Iran sanctions track; the 29 May Economic Fury designation opened a third track targeting defence-electronics procurement.

Occurred 19 May 2026

Read story →

US sanctions the strait it will reopen

OFAC's 28 May PGSA designation and the 29 May Economic Fury action landed on consecutive days, constituting a two-front sanctions campaign timed to maximum-pressure the unsigned MOU.

Occurred 28 May 2026

Read story →

This Event

US hits Iran defence procurement ring

Treasury opened a third sanctions track in two weeks, reaching into Iran's defence-electronics supply chain rather than the oil trade.

Different Perspectives

European cloud and open-source industry

European cloud providers gain a binding procurement mandate from CADA, confirmed by Gartner's $12.6bn sovereign-cloud figure for 2026. The $40bn Pax Silica commitment signals Brussels will not extend sovereignty discipline to the silicon layer, and the missing €350m Sovereign Tech Fund leaves open-source maintenance infrastructure unfunded beneath those same clouds.

United Kingdom

Science Secretary Kendall's £1.1bn Hardware Plan on 8 June chose demand-side instruments, advancing £150m to British chip startups via the British Business Bank, where Brussels chose supply-side alliance membership. Britain joined Pax Silica before the EU and has no collective EU procurement leverage; the Hardware Plan is the bilateral answer to the same silicon gap.

United States

Pax Silica, a State Department initiative launched in December 2025, secured EU membership the same afternoon Brussels adopted its cloud sovereignty law. Ambassador Puzder had named CADA a red line against the EU-US trade framework; the narrowed CADA scope and the $40bn chip commitment together represent the settlement Washington sought.

France

France was the only EU state to oppose Pax Silica accession at COREPER on 3 June, asking the Commission to clarify the Council's steering role inside the alliance. Paris backed CADA and hosts Mistral AI; a $40bn US-chip commitment contractually narrows the commercial space for the sovereign AI model that France is trying to scale.

European Commission

Von der Leyen framed CADA on 3 June as keeping 'most of our market open to like-minded partners', and the Commission's EVP Virkkunen simultaneously required majority-European ownership for the €4.12bn AI Gigafactories call. Brussels is managing rather than resolving the silicon dependency by asserting regulatory control at the cloud layer while formalising the chip relationship through Pax Silica.

European Central Bank

The ECB's digital euro pilot drew more than 50 PSP applications and is naming 10 to 30 participants in July, advancing on its own monetary mandate without requiring a Commission act. Its trajectory this week is the inverse of CAIDA's: the sovereignty instrument that restricts no US firm is the only one keeping its published calendar.