1JUN

US hits Iran defence procurement ring

4 min read

08:32UTC

OFAC designated eight people and five companies on 29 May for impersonating US firms to smuggle bug-detecting hardware to Iran's military, the same week Trump withheld his signature from the war-ending deal.

← Back to Two parliaments, one war neither can govern Jump to analysis ↓

ConflictDeveloping

Key takeaway

Treasury signed coercion against Iran's defence supply chain the same week it withheld the war-ending deal.

OFAC, the US Treasury's Office of Foreign Assets Control, designated eight people and five companies on 29 May for a scheme that impersonated American small businesses to defraud US technology vendors and supply Iran's military. ¹ The target was a procurement ring run for SAIRAN, Iran's state-owned military-electronics manufacturer that operates procurement under the SAAFTA trading name, a firm controlled by MODAFL, Iran's Ministry of Defence and Armed Forces Logistics. The goods were spectrum analysers and non-linear junction detectors: the equipment a counter-surveillance unit uses to sweep a room for hidden microphones.

Ali Majd Sepehr set up domains posing as real US companies and tricked dozens of American IT vendors into shipping hardware, then re-routed it through two Dubai fronts, Green Light Computer Co LLC and Al Kawther Neon LLC, into Iran. ² A Rome-based dual Iranian-Italian national, Saeid Zahedi, ran the money through a US financial account to pay for domain registration. That US account and the vendor fraud move the case from sanctions evasion, an administrative matter, into wire fraud, a federal crime. The FBI Los Angeles field office and the Commerce Department co-ordinated the action, and the State Department posted a $15 million Rewards for Justice bounty on IRGC financial networks. ³

This was OFAC's third distinct Iran track in two weeks. Previous rounds hit the Persian Gulf Strait Authority and more than 50 shipping entities , and the Hengli refinery licence lapsed without guidance . This one reaches the defence-electronics supply chain instead. The non-linear junction detectors named are TSCM-grade tools, the kit a service uses to find listening devices, suggesting MODAFL is hardening internal security after losing senior commanders to strikes inside a single week. A mid-tier procurement designation reads as routine Treasury housekeeping on its own. Paired with Bessent's sanctions threat against Oman the same week, it reads as a maximum-pressure pattern timed to the unsigned memorandum.

Deep Analysis

In plain English

Iran's military wanted specialised scanning equipment that can detect hidden microphones and surveillance bugs. US export law bans selling that equipment to Iran, so a network of people set up fake websites pretending to be American businesses, tricked real US technology companies into shipping the hardware, then rerouted it through Dubai into Iran. America's Treasury Department (OFAC, its sanctions bureau) named eight people and five companies involved in the scheme on 29 May. One of them, Saeid Zahedi, lived in Italy but used a US bank account to pay for the fake domain names, which gives American courts the right to prosecute him under federal wire-fraud law. The FBI's Los Angeles field office is leading the criminal investigation. The US government also offered $15 million to anyone who provides information on IRGC financial networks.

Deep Analysis

Root Causes

MODAFL's requirement for Western-manufactured spectrum analysers and non-linear junction detectors reflects a gap Iran's domestic defence industry cannot close. Spectrum analysers from US vendors (Keysight, Tektronix) operate at sensitivities and frequency ranges that Chinese and Russian equivalents do not match for counter-surveillance applications. SAIRAN's procurement need is therefore structurally locked to Western supply chains, which creates the vulnerability OFAC exploited.

The use of identity impersonation rather than traditional front-company purchase orders reflects a specific adaptation to tightened post-2019 Know Your Customer requirements on US IT vendors.

OFAC's 2019 advisory warned vendors about Iranian end-users; SAIRAN's response was to impersonate the US vendors themselves rather than create new intermediary entities. Saeid Zahedi's Italy-based US-account use is the residual Western financial-system footprint that conventional procurement through UAE fronts alone would have avoided.

What could happen next?

Risk
Federal wire-fraud charges against Saeid Zahedi create extradition exposure for dual nationals with EU residency inside OFAC networks, potentially deterring European-based nodes in future procurement rings.
Precedent
OFAC's simultaneous use of sanctions designation and criminal referral for the same network sets a template for parallel-track enforcement against Iranian procurement rings that US allies may follow.

Source Landscape

This story draws on neutral-leaning sources

Primary parallel: Washington's 2005-2008 'Enhanced Counter-Proliferation Initiative' used wire-fraud charges alongside sanctions to prosecute procurement rings supplying North Korea's Yongbyon facility via Malaysian and Singaporean fronts.

The structural mechanism matched: a domestic legal hook (US bank accounts or dollar-clearing) was used to extend federal jurisdiction over wholly foreign transactions. FBI Los Angeles used the same wire-fraud hook against Saeid Zahedi's US-account domain payments on 29 May.

Counter-parallel: The 2019 Iran Electronics Industries (IEI) SDN designation followed the same MODAFL-controlled-entity logic and produced no observable reduction in Iranian electronic warfare capability within 18 months, because MODAFL routed procurement through separate Turkish and Chinese nodes that were not co-designated.

Spectrum analysers of the type SAIRAN sought (Keysight N9020B or equivalent, 3.6 GHz to 26.5 GHz range) retail at $30,000 to $180,000 per unit. Non-linear junction detectors cost $15,000 to $40,000 each. At these prices, the ring's total hardware value likely ran to $2 to $5 million per procurement cycle, well below the $15 million Rewards for Justice bounty placed on IRGC financial networks.

The financial incentive structure of the bounty is therefore deliberately asymmetric: OFAC is paying more to expose the network than the hardware itself was worth, signalling that the intelligence value of insiders exceeds the disruption value of the seizure.

The wire-fraud charge adds a second economic dimension. A successful federal prosecution would allow asset forfeiture against any US-connected financial account used by the network, including the Italian-based Zahedi account, creating a tool for asset recovery rather than sanction alone.

Consensus view: The Foundation for Defense of Democracies (FDD) and the Treasury's own enforcement record assess this designation pattern as a deliberate third-track strategy: OFAC opened shipping entities on 19 May , hit the Persian Gulf Strait Authority on 28 May , and struck defence-electronics procurement on 29 May. Each track constrains a different Iranian revenue or capability stream, so pressure can continue even if one track is paused for diplomatic reasons.

Counter-view: Iran's Sharif University of Technology security researchers and the Tehran-aligned Mehr News Agency argue the SAIRAN/SAAFTA designation misreads Iranian procurement architecture: MODAFL operates dozens of parallel procurement nodes, and designating one mid-tier electronics firm does not disrupt the underlying supply logic. They point to the 2019 designation of Iran Electronics Industries, which produced no measurable reduction in IRGC counter-surveillance capacity.

Key tension: Whether OFAC's multi-track timing amounts to a coordinated maximum-pressure strategy or simply reflects independent enforcement timelines that create the appearance of coordination without the reality.

First Reported In

Update #112 · Treasury opens a second Iran sanctions front

US Department of the Treasury· 30 May 2026

Read original →

Causes and effects

Caused by

OFAC sb0502: 50 entities, 19 vessels, no refinery

The 19 May OFAC shipping-entity sweep was the second Iran sanctions track; the 29 May Economic Fury designation opened a third track targeting defence-electronics procurement.

Occurred 19 May 2026

Read story →

US sanctions the strait it will reopen

OFAC's 28 May PGSA designation and the 29 May Economic Fury action landed on consecutive days, constituting a two-front sanctions campaign timed to maximum-pressure the unsigned MOU.

Occurred 28 May 2026

Read story →

This Event

US hits Iran defence procurement ring

Treasury opened a third sanctions track in two weeks, reaching into Iran's defence-electronics supply chain rather than the oil trade.

Different Perspectives

Human rights monitors (Hengaw, Amnesty International, Iran HRM)

Monitors documented a second death sentence for Zahra Tabari, 68, reported cemetery record deletions at Behesht-e Zahra, and a poll showing 81.5% of medical residents want to emigrate, against a background of 200+ confirmed executions since February. Iran's security courts operate at uninterrupted wartime tempo regardless of the diplomatic track.

Pakistan (mediator)

Islamabad carried Trump's revised MOU demanding HEU destruction to Iranian negotiators, formally inheriting the role of sole active mediator after Oman's forced withdrawal. Pakistan lacks Oman's banking infrastructure for frozen-asset routing and carries its own regional stakes, making it a less structurally neutral broker.

Kuwait

Kuwait intercepted Iranian missiles and drones for a second time in days on 1 June, with air-raid sirens sounding nationwide, after invoking Article 51 self-defence on 28 May following the Ali Al Salem ballistic-missile strike. The repeated interceptions test whether Kuwait's domestic politics can sustain hosting US forces as a de facto co-belligerent.

China (PRC)

Beijing sent scholars to Shangri-La rather than its defence minister and addressed Taiwan without mentioning Iran, maintaining bilateral energy corridor protection with Tehran while refusing diplomatic exposure at multilateral forums. Trump barred China as an HEU custodian on 27 May, removing Beijing from the deal architecture while China continues supplying DPI hardware that caps Iran's internet.

Lloyd's of London / war-risk underwriters

Lloyd's held its Hormuz war-risk designation at $10-14 million per voyage while Brent recovered to $93.91, maintaining the structural divergence from futures pricing that has persisted since late May. Underwriters require a UN Security Council resolution or government certification letter, not diplomatic optimism.

Gulf Cooperation Council states (Saudi Arabia, UAE, Bahrain, Qatar)

Five Gulf states wrote to the IMO on 21 May rejecting Iran's PGSA transit authority over international waters; Saudi Arabia and the UAE have not confirmed participation in the European Hormuz mission. The GCC is navigating between US security guarantees and exposure to Iranian fire, with no Gulf state formally co-belligerent except Kuwait.