The United States has sanctioned five Russian firms, including two California-based tech companies, and three Russian citizens for working for the KGB's successor to improve Russia's ability to infiltrate infrastructure networks and telecommunications.
The U.S. Department of the Treasury's Office of Foreign Assets Control announced June 11 the sanctions against companies and individuals for allegedly providing technical and material support to, or being owned or controlled by, entities working for the Russian foreign intelligence agency, the Federal Security Service, or FSB. They are charged with helping the FSB track undersea communications, which carry the bulk of the world’s telecommunications data, and contributing to Russian hacking campaigns.
U.S. Treasury Secretary Steven Mnuchin said the U.S. "is engaged in an ongoing effort to counter malicious actors working … to increase Russia's offensive cyber capabilities" and "therefore jeopardize the safety and security of the United States and our allies."
The sanctioned companies are info-security firm Digital Security and its subsidiaries ERPScan and Embedi, diving technology and underwater works contractor Divetechnoservices, and the FSB-supervised state-owned Kvant Scientific Research Institute. The Trump administration also sanctioned Divetechnoservices' owner Vladimir Yakovlevich Kaganskiy and two other executives.
Under amended Executive Order 13694 and Section 224 of the "Countering America's Adversaries Through Sanctions Act," the U.S. froze and blocked all properties in U.S. jurisdiction owned by the sanctioned firms and individuals as well as any interest in properties and prohibit future transactions with U.S. persons.
Companies deny involvement
Berkeley, Calif.-based security specialist Embedi and Palo Alto, Calif.-based enterprise resource planning cybersecurity firm ERPScan denied working for the FSB and expressed shock at the sanctions.
"We have never worked with any government — the Russian or U.S., or any government," Embedi's head of marketing Alex Kruglov told The Register.
Embedi has exposed vulnerabilities in Microsoft Corp., Intel Corp. and Cisco Systems Inc. products. ERPScan is known for its discoveries of vulnerabilities in data processing systems and applications and in Oracle Corp. software.
"We always tried to avoid any political issues and were outside of political events. Now, we regret such an unjust move towards us," ERPScan founder and CTO Alexander Polyakov told employees in an online post.
ERPScan will close its U.S. office but continue operating around the world at other locations, said Polyakov. "It is unfortunate that American companies will not have a competitive market in the [enterprise resource planning] security field, turning our main US competitor into a monopolist without any incentive to innovate."
Recent "malign and destabilizing cyber activities" connected to Russia, according to the Treasury Dept., include the NotPetya ransomware attacks against European and North American companies in June 2017, cyber intrusions against the U.S. power grid aimed at launching future attacks, and compromises of network infrastructure devices, including routers and switches, that could lead to disruptive cyberattacks.
The Federal Bureau of Investigation and U.S. Department of Homeland Security blamed the Kremlin in a March 15 joint alert for a two-year-old hacking campaign to infiltrate and spy on the computer networks of U.S. government entities and critical infrastructure, including the power grid and the business and administrative networks of analog-controlled nuclear power plants.
From April to July 2017, state-sponsored hackers also targeted Ireland’s all-island power grid operator — EirGrid and its U.K. subsidiary in Northern Ireland — by installing a virtual wiretap to snoop on all of its internal communications sent over undersea power cables connected to Britain. The hackers gained access via a Vodafone internet router used by the grid operator and were subsequently discovered by the United Kingdom's cybersecurity agency.
The FSB was previously sanctioned in December 2016 by the Obama administration in retaliation for interference in the 2016 U.S. presidential election.
