Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

6/11/2018
04:41 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

US Slaps Sanctions on Five Russian Entities, Three Individuals for Cyberattacks

Executives from two of the cybersecurity firms on the list say action is unwarranted; another says it's even a Russian entity.

The Trump administration today announced sanctions against five Russian companies and three individuals for enabling and assisting Russia's intelligence and military units carry out cyberattacks against US interests.

Three of the companies that have been slapped with the sanctions are cybersecurity firms, one is a manufacturer and supplier of underwater equipment, and another is a scientific research institute.

In comments to Dark Reading, executives from two of the cybersecurity firms professed shock at the development and disputed the US government's characterization of their work. One of them said the company was not even a Russian entity as described by the US.

The US Treasury Department said it was taking the action under a 2017 Executive Order and the Countering America’s Adversaries Through Sanctions Act aimed at punishing entities engaged in offensive cyber activities against the US. The sanctions immediately freeze all property and interests of the designated entities and individuals and prohibit US companies and people from doing business with them.

"The entities designated today have directly contributed to improving Russia’s cyber and underwater capabilities through their work with the FSB [Russia’s Federal Security Service] and therefore jeopardize the safety and security of the United States and our allies," Treasury Secretary Steven Mnuchin said.

The Treasury Department cited last year's NotPetya global ransomware attacks, intrusions into the US energy grid, and global compromises of routers, switches, and other network infrastructure devices, as examples of Russia's "malign and destabilizing cyber activities." Russia's intelligence and military units have also been active in tracking the undersea communication cables that carry a vast bulk of telecommunication data globally, the Treasury noted in its statement.

The three security firms named in Monday's action are Digital Security, ERPScan, and Embedi. According to the Treasury Department, Digital Security has technologically and materially helped Russian intelligence services, including the FSB, hone up on their cyber-offensive capabilities. It described both ERPScan and Embedi — vendors known in the US for making numerous vulnerability disclosure contributions — as subsidiaries of Digital Security.

The two other firms that have been slapped with sanctions are Kvant Scientific Research Institute and underwater equipment specialist Divetechnoservices. All three of the individuals in today's action — Aleksandr Tribun, Oleg Chirikov, and Vladmir Kaganskiy —are executives of Divetechnoservices or worked on behalf of the company.

Monday's sanctions are part of a broader, and what some see as a largely symbolic, effort by the US government to turn up the heat on Russia for numerous recent cyberattacks on US critical infrastructure targets and for its online election-tampering. In March, the government imposed similar sanctions against five Russian companies and 15 individuals for cyberattacks on the US and its allies. In February, a federal grand jury indicted 13 Russian individuals and three Russian organizations for interfering with the US general election process in 2016 with the goal of influencing the outcome.

Alexander Polyakov, founder and CTO of ERPScan, says the US government's sanctions against his company are unmerited. "I woke up and was embarrassed by such news," Polyakov says. "The only accusation about ERPScan is that we are [a] subsidiary of [Digital Security]."

According to Polyakov, as of 2014, ERPScan is a private company registered in the Netherlands. It does not have any connections with any of the other companies that the Treasury department has designated for sanctions, he says.

Over the years, ERPScan has helped multiple software companies fix over 600 security vulnerabilities in their products. The company's research work has been published at over 100 security conferences worldwide. "The only issue is that I and some of my peers were born in Russia," Polyakov says. "Oh, come on. I'm sorry, but I can't change it."

Alexander Kruglov, head of marketing at Embedi - which just last year disclosed a major bug in firmware used in many Intel chips — says the US government action against his company was a complete surprise.

Some of the company's research team members are former employees of Digital Security, he says. But that was before Embedi was launched in December 2016, he says.

"We are not sure what we should do next," Kruglov says. Like Polyakov, Kruglov points to the security research that the company has done over the years, including work that has helped companies like Microsoft and Intel.

"We do hope that this misunderstanding could be solved somehow, as far as we are not even a Russian entity," he says.

Digital Security did not respond immediately to a request for comment.

Related Content:

 

Top industry experts will offer a range of information and insight on who the bad guys are – and why they might be targeting your enterprise. Click for more information

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC,  12/5/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19698
PUBLISHED: 2019-12-10
marc-q libwav through 2017-04-20 has a NULL pointer dereference in wav_content_read() at libwav.c.
CVE-2019-4428
PUBLISHED: 2019-12-09
IBM Watson Assistant for IBM Cloud Pak for Data 1.0.0 through 1.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session....
CVE-2019-4611
PUBLISHED: 2019-12-09
IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168519.
CVE-2019-4612
PUBLISHED: 2019-12-09
IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523.
CVE-2019-4621
PUBLISHED: 2019-12-09
IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use this account to gain unauthorised access to the BMC. IBM X-Force ID: 168883.