Attacks/Breaches

6/11/2018
04:41 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

US Slaps Sanctions on Five Russian Entities, Three Individuals for Cyberattacks

Executives from two of the cybersecurity firms on the list say action is unwarranted; another says it's even a Russian entity.

The Trump administration today announced sanctions against five Russian companies and three individuals for enabling and assisting Russia's intelligence and military units carry out cyberattacks against US interests.

Three of the companies that have been slapped with the sanctions are cybersecurity firms, one is a manufacturer and supplier of underwater equipment, and another is a scientific research institute.

In comments to Dark Reading, executives from two of the cybersecurity firms professed shock at the development and disputed the US government's characterization of their work. One of them said the company was not even a Russian entity as described by the US.

The US Treasury Department said it was taking the action under a 2017 Executive Order and the Countering America’s Adversaries Through Sanctions Act aimed at punishing entities engaged in offensive cyber activities against the US. The sanctions immediately freeze all property and interests of the designated entities and individuals and prohibit US companies and people from doing business with them.

"The entities designated today have directly contributed to improving Russia’s cyber and underwater capabilities through their work with the FSB [Russia’s Federal Security Service] and therefore jeopardize the safety and security of the United States and our allies," Treasury Secretary Steven Mnuchin said.

The Treasury Department cited last year's NotPetya global ransomware attacks, intrusions into the US energy grid, and global compromises of routers, switches, and other network infrastructure devices, as examples of Russia's "malign and destabilizing cyber activities." Russia's intelligence and military units have also been active in tracking the undersea communication cables that carry a vast bulk of telecommunication data globally, the Treasury noted in its statement.

The three security firms named in Monday's action are Digital Security, ERPScan, and Embedi. According to the Treasury Department, Digital Security has technologically and materially helped Russian intelligence services, including the FSB, hone up on their cyber-offensive capabilities. It described both ERPScan and Embedi — vendors known in the US for making numerous vulnerability disclosure contributions — as subsidiaries of Digital Security.

The two other firms that have been slapped with sanctions are Kvant Scientific Research Institute and underwater equipment specialist Divetechnoservices. All three of the individuals in today's action — Aleksandr Tribun, Oleg Chirikov, and Vladmir Kaganskiy —are executives of Divetechnoservices or worked on behalf of the company.

Monday's sanctions are part of a broader, and what some see as a largely symbolic, effort by the US government to turn up the heat on Russia for numerous recent cyberattacks on US critical infrastructure targets and for its online election-tampering. In March, the government imposed similar sanctions against five Russian companies and 15 individuals for cyberattacks on the US and its allies. In February, a federal grand jury indicted 13 Russian individuals and three Russian organizations for interfering with the US general election process in 2016 with the goal of influencing the outcome.

Alexander Polyakov, founder and CTO of ERPScan, says the US government's sanctions against his company are unmerited. "I woke up and was embarrassed by such news," Polyakov says. "The only accusation about ERPScan is that we are [a] subsidiary of [Digital Security]."

According to Polyakov, as of 2014, ERPScan is a private company registered in the Netherlands. It does not have any connections with any of the other companies that the Treasury department has designated for sanctions, he says.

Over the years, ERPScan has helped multiple software companies fix over 600 security vulnerabilities in their products. The company's research work has been published at over 100 security conferences worldwide. "The only issue is that I and some of my peers were born in Russia," Polyakov says. "Oh, come on. I'm sorry, but I can't change it."

Alexander Kruglov, head of marketing at Embedi - which just last year disclosed a major bug in firmware used in many Intel chips — says the US government action against his company was a complete surprise.

Some of the company's research team members are former employees of Digital Security, he says. But that was before Embedi was launched in December 2016, he says.

"We are not sure what we should do next," Kruglov says. Like Polyakov, Kruglov points to the security research that the company has done over the years, including work that has helped companies like Microsoft and Intel.

"We do hope that this misunderstanding could be solved somehow, as far as we are not even a Russian entity," he says.

Digital Security did not respond immediately to a request for comment.

Related Content:

 

Top industry experts will offer a range of information and insight on who the bad guys are – and why they might be targeting your enterprise. Click for more information

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How the US Chooses Which Zero-Day Vulnerabilities to Stockpile
Ricardo Arroyo, Senior Technical Product Manager, Watchguard Technologies,  1/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "He just showed up at my doorstep one day without a geotag."
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3906
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents.
CVE-2019-3907
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).
CVE-2019-3908
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data.
CVE-2019-3909
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention.
CVE-2019-3910
PUBLISHED: 2019-01-18
Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.