Acting on an executive order, the U.S. government imposed sanctions on five companies and three individuals for their collaboration with the Russian Federal Security Service (FSB) in state-sponsored cyber-attack activity.
Three of the companies hit with sanctions by the U.S. Department of the Treasury are a cybersecurity firm Digital Security and two of its spinoff companies, ERPScan and Embedi; one is the Kvant Scientific Research Institute. The fifth, Divetechnoservices nominally makes underwater equipment, according to a public statement.
The links between the sanctioned organizations and the FSB are varied. Since 2015, Digital Security worked on a project that would increase Russia’s offensive cyber capabilities for the Russian Intelligence Services, including the FSB, according to the department. Kvant provided material and technological support to the FSB, had extensive ties to the service and also was a prime contractor on a project for which the FSB was the end user.
Divetechnoservices has procured a variety of underwater equipment and diving systems for Russian government agencies, including the FSB, as well as provided a submersible craft valued at $1.5 million to the service for cyber activities, according to the feds.
[See also: Episode 83: Who is hacking the Olympics? Octoly’s Influencer Breach and Google plays HTTPS Hardball]
Three employees from Divetechnoservices were sanctioned individually: General Director Aleksandr Lvovich Tribun, Program Manager Oleg Sergeyevich Chirikov and owner and former general Director Vladimir Yakovlevich Kaganskiy. The US cited their company’s support to improve the FSB’s cyber-offensive position.
“The United States is engaged in an ongoing effort to counter malicious actors working at the behest of the Russian Federation and its military and intelligence units to increase Russia’s offensive cyber capabilities,” Treasury Secretary Steven T. Mnuchin said in a press statement about the sanctions “The entities designated today have directly contributed to improving Russia’s cyber and underwater capabilities through their work with the FSB and therefore jeopardize the safety and security of the United States and our allies.”
The Russian government is believed to be engaged in active tracking of undersea communication cables, which carry the bulk of the world’s telecommunications data and are ripe for cyber attacks, according to the Treasury. “Today’s action also targets the Russian government’s underwater capabilities,” Mnuchin said.
The government also aims to target actors who have a hand in helping Russia pull off “malign and destabilizing cyber activities” like the NotPetya malware that caused hundreds of millions in damage and had other serious ramifications for FedEx, Merck and other global companies.
The U.S. and its allies, including the U.K. have named Russia as the source of the NotPetya malware.
Mnuchin said the U.S. government also has a close eye on and aims to take action against efforts by Russia to mount “cyber intrusions against the U.S. energy grid to potentially enable future offensive operations,” as well as global compromises of network infrastructure devices, including routers and switches, for disruptive cyber attacks.
Sanctioning individuals and firms will have property and assets that are under U.S. jurisdiction frozen. U.S. companies and citizens are barred from doing business with them. Treasury said it took the action under Executive Order (E.O.) 13694, “Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities,” as amended, and Section 224 of the Countering America’s Adversaries Through Sanctions Act (CAATSA).
Indeed, the United States has–on the surface at least–been bolstering cybersecurity efforts recently. At the same time, there is still ample evidence that the government itself remains vulnerable to and unprepared for cyber attacks within its own departments.
Last month, the Department of Homeland Security unveiled a new strategy to steer its cybersecurity efforts to meet what it recognizes as a growing threat to U.S. national security and critical infrastructure. Russia in particular is in the cross-hairs of the U.S. government for its well-known and ambitious cyber hassling of the United States in the form of online election tampering and malware like NotPetya and other attacks against critical infrastructure.
A federal grand jury indicted 13 people and three Russian companies for intending to sway the 2016 U.S. election through cyber efforts, though security experts widely panned an Obama Administration report on Russia’s involvement in election tampering for being inconclusive. In March the U.S. government also sanctioned five Russia companies and 15 individuals in a similar fashion to the Treasury’s indictments this week.
Meanwhile, as the United States targets Russia, other state-sponsored cyber enemies continue to pose an imminent threat on other fronts of the global cyber war.
A report from the U.S. China Commission in April found that the U.S. government’s own computer networks and systems remain at risk to cyber attacks from China due to Chinese ties with government contractors, including Microsoft, Dell and VMware. And Iran is likely to be readying more cyber attacks against the United States in retaliation for President Trump’s exit from the Iran nuclear deal, according to a recent Recorded Future report.
Pingback: Podcast Episode 109: What's The US Freedom Army? Ask Russia. | The Security Ledger