Attacks/Breaches

6/11/2018
04:41 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

US Slaps Sanctions on Five Russian Entities, Three Individuals for Cyberattacks

Executives from two of the cybersecurity firms on the list say action is unwarranted; another says it's even a Russian entity.

The Trump administration today announced sanctions against five Russian companies and three individuals for enabling and assisting Russia's intelligence and military units carry out cyberattacks against US interests.

Three of the companies that have been slapped with the sanctions are cybersecurity firms, one is a manufacturer and supplier of underwater equipment, and another is a scientific research institute.

In comments to Dark Reading, executives from two of the cybersecurity firms professed shock at the development and disputed the US government's characterization of their work. One of them said the company was not even a Russian entity as described by the US.

The US Treasury Department said it was taking the action under a 2017 Executive Order and the Countering America’s Adversaries Through Sanctions Act aimed at punishing entities engaged in offensive cyber activities against the US. The sanctions immediately freeze all property and interests of the designated entities and individuals and prohibit US companies and people from doing business with them.

"The entities designated today have directly contributed to improving Russia’s cyber and underwater capabilities through their work with the FSB [Russia’s Federal Security Service] and therefore jeopardize the safety and security of the United States and our allies," Treasury Secretary Steven Mnuchin said.

The Treasury Department cited last year's NotPetya global ransomware attacks, intrusions into the US energy grid, and global compromises of routers, switches, and other network infrastructure devices, as examples of Russia's "malign and destabilizing cyber activities." Russia's intelligence and military units have also been active in tracking the undersea communication cables that carry a vast bulk of telecommunication data globally, the Treasury noted in its statement.

The three security firms named in Monday's action are Digital Security, ERPScan, and Embedi. According to the Treasury Department, Digital Security has technologically and materially helped Russian intelligence services, including the FSB, hone up on their cyber-offensive capabilities. It described both ERPScan and Embedi — vendors known in the US for making numerous vulnerability disclosure contributions — as subsidiaries of Digital Security.

The two other firms that have been slapped with sanctions are Kvant Scientific Research Institute and underwater equipment specialist Divetechnoservices. All three of the individuals in today's action — Aleksandr Tribun, Oleg Chirikov, and Vladmir Kaganskiy —are executives of Divetechnoservices or worked on behalf of the company.

Monday's sanctions are part of a broader, and what some see as a largely symbolic, effort by the US government to turn up the heat on Russia for numerous recent cyberattacks on US critical infrastructure targets and for its online election-tampering. In March, the government imposed similar sanctions against five Russian companies and 15 individuals for cyberattacks on the US and its allies. In February, a federal grand jury indicted 13 Russian individuals and three Russian organizations for interfering with the US general election process in 2016 with the goal of influencing the outcome.

Alexander Polyakov, founder and CTO of ERPScan, says the US government's sanctions against his company are unmerited. "I woke up and was embarrassed by such news," Polyakov says. "The only accusation about ERPScan is that we are [a] subsidiary of [Digital Security]."

According to Polyakov, as of 2014, ERPScan is a private company registered in the Netherlands. It does not have any connections with any of the other companies that the Treasury department has designated for sanctions, he says.

Over the years, ERPScan has helped multiple software companies fix over 600 security vulnerabilities in their products. The company's research work has been published at over 100 security conferences worldwide. "The only issue is that I and some of my peers were born in Russia," Polyakov says. "Oh, come on. I'm sorry, but I can't change it."

Alexander Kruglov, head of marketing at Embedi - which just last year disclosed a major bug in firmware used in many Intel chips — says the US government action against his company was a complete surprise.

Some of the company's research team members are former employees of Digital Security, he says. But that was before Embedi was launched in December 2016, he says.

"We are not sure what we should do next," Kruglov says. Like Polyakov, Kruglov points to the security research that the company has done over the years, including work that has helped companies like Microsoft and Intel.

"We do hope that this misunderstanding could be solved somehow, as far as we are not even a Russian entity," he says.

Digital Security did not respond immediately to a request for comment.

Related Content:

 

Top industry experts will offer a range of information and insight on who the bad guys are – and why they might be targeting your enterprise. Click for more information

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20161
PUBLISHED: 2018-12-15
A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips (triggered by the motion sensor) are not saved if the attacker's traffic (such as Dot11Deauth) successfully disconnects the Sync Module from the...
CVE-2018-20159
PUBLISHED: 2018-12-15
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a "...
CVE-2018-20157
PUBLISHED: 2018-12-15
The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.
CVE-2018-20154
PUBLISHED: 2018-12-14
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses.
CVE-2018-20155
PUBLISHED: 2018-12-14
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings.