OFAC Sanctions Roundup: Iran Shipping Network, Ransomware Enablers, and Khamenei-Linked Assets
OFAC took three designation actions between July 10 and July 14, 2026. Two target Iran and are expressly framed as a response to Iran’s resumption of attacks on shipping in the Strait of Hormuz; the third targets the service providers behind ransomware operations. Two features cut across all three and warrant attention. First, OFAC is designating individual professionals: Western-national executives, consultants, vessel inspectors, brokers, and company partners, alongside the entities they serve. Second, the Iran actions reach well beyond the oil trade into containerized shipping, freight forwarding, and European real estate, sectors whose participants may not have viewed themselves as carrying Iran exposure.
Shamkhani Illicit Shipping Network (July 14, 2026)
OFAC designated more than 50 individuals, entities, and vessels connected to the shipping and sanctions-evasion network of Mohammad Hossein Shamkhani, all under E.O. 13902. This is the third tranche of Shamkhani designations, following actions in July 2025 and April 2026, and brings the cumulative total under the Shamkhani umbrella to more than 200 persons and vessels.
The most consequential development is the move into containerized shipping. Singapore-based Sea Lead Shipping PTE. Ltd. and its Dubai, Marshall Islands, and India subsidiaries were designated as Shamkhani-controlled container lines, together with Volta Shipping Services LLC and Dubai freight forwarder We Freight Shipping LLC. Treasury’s stated concern is the deliberate blending of licit and illicit cargo — including deliveries to the Houthis in Yemen — which means an ordinary-looking container booking can now carry designated-party exposure. Companies in freight forwarding, NVOCC, terminal, port agency, and box-leasing roles should examine existing relationships involving these groups and in particular should note that subsidiaries of these entities may be captured automatically by OFAC’s 50% Rule even if the subsidiaries themselves are not expressly named. OFAC also designated a series of vessel-owning companies and identified their vessels as blocked property, and disclosed a previously unreported Caspian Sea fleet moving goods between Iran and Russia. Four vessels — SEA CRUISER, SEA CASTLE, SEA ANCHOR, and SEA GALLEON — were identified as blocked property of Shamkhani himself despite undisclosed ownership and unknown flag states, so vessel screening should run on IMO numbers rather than names or flags.
On the personnel side, OFAC designated the Danish former global CFO and Italian former global CEO of House of Shipping Investment FZCO along with their Dubai consultancy, a British vessel inspector, Indian and Iranian operational managers, and the network’s two principal financiers. There is also a Russia overlap: Treasury alleges that Shamkhani’s de facto head of shipping used the network to circumvent the Russian oil price cap, and two designated tankers carried Russian petroleum products. This shows that Iran and Russia screening cannot be run in separate lanes.
Ransomware Enablers (July 13, 2026)
OFAC designated two individuals and one entity under E.O. 13694, in furtherance of E.O. 14390, for involvement with cybercrime and predatory schemes. The targets are First VPN Service (1VPNS), described as a VPN provider whose principal customers are ransomware actors, its administrator Dmytro Rashevskyi, and Yegeniy Vladimirovich Silayev, a Belarusian national who sells “cryptors” that disguise malware as harmless files. Victims of attacks using 1VPNS infrastructure reportedly included U.S. businesses, financial services firms, hospitals, and municipal governments. The action was coordinated with the UK’s Foreign, Commonwealth & Development Office (FCDO), which designated a different set of targets the same day, and follows a May 2026 European takedown of 1VPNS infrastructure supported by the FBI.
The theme here is that OFAC is working down the supply chain, from ransomware operators to the anonymization and obfuscation services they buy. Notably, Treasury acknowledged that VPNs have legitimate uses and rested the designation on the customer base and the operator’s conduct rather than the technology. The practical implication is ransomware payment risk: OFAC applies strict liability to payments made to or for the benefit of designated persons, including indirectly through incident-response firms, insurers, or payment intermediaries. Payment protocols should screen the SDN List at the moment of payment. Companies with UK nexus should check the UK list separately.
Supreme Leader Financier and Iranian Exchange Houses (July 10, 2026)
OFAC designated Dubai-based Iranian facilitator Ali Ansari under E.O. 13876 and E.O. 13224, together with his Saint Kitts and Nevis holding company Smart Global Limited (formerly Ziba Leisure Limited). Treasury alleges Ansari, the former owner of the collapsed Ayandeh Bank, diverted embezzled funds into an overseas portfolio of real estate and commercial holdings across Germany, Luxembourg, Spain, the United Kingdom, Cyprus, and the UAE, much of it ultimately for the benefit of Supreme Leader Mojtaba Khamenei, his family, and IRGC-linked elites. Real estate agents, property managers, escrow and title agents, law firms, and corporate service providers in those jurisdictions should conduct beneficial-ownership checks against both company names, bearing in mind that downstream SPVs may be blocked under the 50% Rule without appearing on any list.
The same action designated three Iranian currency exchange houses under E.O. 13902 — the Darbani, Lavasani, and Khandan general partnerships, along with their controlling partners individually—on the rationale that partners bear ultimate liability for the bank funds entrusted to them. Between them, the exchange houses hold and move hundreds of millions of dollars for a long list of sanctioned Iranian banks. Two front companies were also designated: CDM Trading Limited in Hong Kong and Naba Alzaki Raw Materials Trading LLC in the UAE, reinforcing that thinly-substantiated Hong Kong and UAE trading intermediaries remain the highest-risk profile in Iranian value-transfer chains. The Treasury press release expressly warns of secondary sanctions: foreign financial institutions knowingly facilitating significant transactions for these designees risk losing or having conditions imposed on their U.S. correspondent accounts. That is the sharpest bank-facing element of the week.
Key Takeaways
The standard consequences apply to all three actions. Property and interests in property of the designated persons within U.S. jurisdiction or held by U.S. persons are blocked and must be reported to OFAC; entities owned 50 percent or more in the aggregate by blocked persons are blocked whether or not listed; and civil liability attaches on a strict liability basis. In the near term, companies should re-screen counterparties, beneficial owners, and vessels against the SDN List as updated on July 10, 13, and 14, screening vessels by IMO number; extend that screening to container-side intermediaries rather than tanker charter chains alone; and review counterparty officers and directors, not only the entities themselves. Banks should assess correspondent relationships against the secondary-sanctions warning in the July 10 action, and any entity or counterparty that has been designated should consider a removal petition, which OFAC continues to emphasize as available. Finally, companies active in these sectors should collect beneficial ownership information on the entities with which they transact to ensure they are not running afoul of the 50% Rule. More than anything, these actions reflect this administration’s willingness to extend sanctions past the wrongdoers themselves to target those who aid and abet their economic activities.
Both Iran actions build on established campaigns and are framed against renewed Iranian activity in the Strait of Hormuz, so further tranches are likely in the near term. On the cyber side, E.O. 14390 and continuing OFAC-FCDO coordination point to a sustained campaign against ransomware infrastructure providers.
Read more about LBKM’s U.S. Sanctions practice, or visit our Sanctions Library for additional OFAC resources and updates.
This advisory is provided for informational purposes only and does not constitute legal advice. Receipt of this advisory does not create an attorney-client relationship.