Attacks/Breaches

6/11/2018
04:41 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

US Slaps Sanctions on Five Russian Entities, Three Individuals for Cyberattacks

Executives from two of the cybersecurity firms on the list say action is unwarranted; another says it's even a Russian entity.

The Trump administration today announced sanctions against five Russian companies and three individuals for enabling and assisting Russia's intelligence and military units carry out cyberattacks against US interests.

Three of the companies that have been slapped with the sanctions are cybersecurity firms, one is a manufacturer and supplier of underwater equipment, and another is a scientific research institute.

In comments to Dark Reading, executives from two of the cybersecurity firms professed shock at the development and disputed the US government's characterization of their work. One of them said the company was not even a Russian entity as described by the US.

The US Treasury Department said it was taking the action under a 2017 Executive Order and the Countering America’s Adversaries Through Sanctions Act aimed at punishing entities engaged in offensive cyber activities against the US. The sanctions immediately freeze all property and interests of the designated entities and individuals and prohibit US companies and people from doing business with them.

"The entities designated today have directly contributed to improving Russia’s cyber and underwater capabilities through their work with the FSB [Russia’s Federal Security Service] and therefore jeopardize the safety and security of the United States and our allies," Treasury Secretary Steven Mnuchin said.

The Treasury Department cited last year's NotPetya global ransomware attacks, intrusions into the US energy grid, and global compromises of routers, switches, and other network infrastructure devices, as examples of Russia's "malign and destabilizing cyber activities." Russia's intelligence and military units have also been active in tracking the undersea communication cables that carry a vast bulk of telecommunication data globally, the Treasury noted in its statement.

The three security firms named in Monday's action are Digital Security, ERPScan, and Embedi. According to the Treasury Department, Digital Security has technologically and materially helped Russian intelligence services, including the FSB, hone up on their cyber-offensive capabilities. It described both ERPScan and Embedi — vendors known in the US for making numerous vulnerability disclosure contributions — as subsidiaries of Digital Security.

The two other firms that have been slapped with sanctions are Kvant Scientific Research Institute and underwater equipment specialist Divetechnoservices. All three of the individuals in today's action — Aleksandr Tribun, Oleg Chirikov, and Vladmir Kaganskiy —are executives of Divetechnoservices or worked on behalf of the company.

Monday's sanctions are part of a broader, and what some see as a largely symbolic, effort by the US government to turn up the heat on Russia for numerous recent cyberattacks on US critical infrastructure targets and for its online election-tampering. In March, the government imposed similar sanctions against five Russian companies and 15 individuals for cyberattacks on the US and its allies. In February, a federal grand jury indicted 13 Russian individuals and three Russian organizations for interfering with the US general election process in 2016 with the goal of influencing the outcome.

Alexander Polyakov, founder and CTO of ERPScan, says the US government's sanctions against his company are unmerited. "I woke up and was embarrassed by such news," Polyakov says. "The only accusation about ERPScan is that we are [a] subsidiary of [Digital Security]."

According to Polyakov, as of 2014, ERPScan is a private company registered in the Netherlands. It does not have any connections with any of the other companies that the Treasury department has designated for sanctions, he says.

Over the years, ERPScan has helped multiple software companies fix over 600 security vulnerabilities in their products. The company's research work has been published at over 100 security conferences worldwide. "The only issue is that I and some of my peers were born in Russia," Polyakov says. "Oh, come on. I'm sorry, but I can't change it."

Alexander Kruglov, head of marketing at Embedi - which just last year disclosed a major bug in firmware used in many Intel chips — says the US government action against his company was a complete surprise.

Some of the company's research team members are former employees of Digital Security, he says. But that was before Embedi was launched in December 2016, he says.

"We are not sure what we should do next," Kruglov says. Like Polyakov, Kruglov points to the security research that the company has done over the years, including work that has helped companies like Microsoft and Intel.

"We do hope that this misunderstanding could be solved somehow, as far as we are not even a Russian entity," he says.

Digital Security did not respond immediately to a request for comment.

Related Content:

 

Top industry experts will offer a range of information and insight on who the bad guys are – and why they might be targeting your enterprise. Click for more information

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Meet 'Bro': The Best-Kept Secret of Network Security
Greg Bell, CEO, Corelight,  6/14/2018
Containerized Apps: An 8-Point Security Checklist
Jai Vijayan, Freelance writer,  6/14/2018
Four Faces of Fraud: Identity, 'Fake' Identity, Ransomware & Digital
David Shefter, Chief Technology Officer at Ziften Technologies,  6/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-0291
PUBLISHED: 2018-06-20
A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper validation of SNMP protocol ...
CVE-2018-0292
PUBLISHED: 2018-06-20
A vulnerability in the Internet Group Management Protocol (IGMP) Snooping feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in ...
CVE-2018-0293
PUBLISHED: 2018-06-20
A vulnerability in role-based access control (RBAC) for Cisco NX-OS Software could allow an authenticated, remote attacker to execute CLI commands that should be restricted for a nonadministrative user. The attacker would have to possess valid user credentials for the device. The vulnerability is du...
CVE-2018-0294
PUBLISHED: 2018-06-20
A vulnerability in the write-erase feature of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to configure an unauthorized administrator account for an affected device. The vulnerability exists because the affected software does not properly delete sensitive...
CVE-2018-0295
PUBLISHED: 2018-06-20
A vulnerability in the Border Gateway Protocol (BGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the device unexpectedly reloading. The vulnerability is due to incomplete input validation of the BGP update...