Attacks/Breaches

6/11/2018
04:41 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

US Slaps Sanctions on Five Russian Entities, Three Individuals for Cyberattacks

Executives from two of the cybersecurity firms on the list say action is unwarranted; another says it's even a Russian entity.

The Trump administration today announced sanctions against five Russian companies and three individuals for enabling and assisting Russia's intelligence and military units carry out cyberattacks against US interests.

Three of the companies that have been slapped with the sanctions are cybersecurity firms, one is a manufacturer and supplier of underwater equipment, and another is a scientific research institute.

In comments to Dark Reading, executives from two of the cybersecurity firms professed shock at the development and disputed the US government's characterization of their work. One of them said the company was not even a Russian entity as described by the US.

The US Treasury Department said it was taking the action under a 2017 Executive Order and the Countering America’s Adversaries Through Sanctions Act aimed at punishing entities engaged in offensive cyber activities against the US. The sanctions immediately freeze all property and interests of the designated entities and individuals and prohibit US companies and people from doing business with them.

"The entities designated today have directly contributed to improving Russia’s cyber and underwater capabilities through their work with the FSB [Russia’s Federal Security Service] and therefore jeopardize the safety and security of the United States and our allies," Treasury Secretary Steven Mnuchin said.

The Treasury Department cited last year's NotPetya global ransomware attacks, intrusions into the US energy grid, and global compromises of routers, switches, and other network infrastructure devices, as examples of Russia's "malign and destabilizing cyber activities." Russia's intelligence and military units have also been active in tracking the undersea communication cables that carry a vast bulk of telecommunication data globally, the Treasury noted in its statement.

The three security firms named in Monday's action are Digital Security, ERPScan, and Embedi. According to the Treasury Department, Digital Security has technologically and materially helped Russian intelligence services, including the FSB, hone up on their cyber-offensive capabilities. It described both ERPScan and Embedi — vendors known in the US for making numerous vulnerability disclosure contributions — as subsidiaries of Digital Security.

The two other firms that have been slapped with sanctions are Kvant Scientific Research Institute and underwater equipment specialist Divetechnoservices. All three of the individuals in today's action — Aleksandr Tribun, Oleg Chirikov, and Vladmir Kaganskiy —are executives of Divetechnoservices or worked on behalf of the company.

Monday's sanctions are part of a broader, and what some see as a largely symbolic, effort by the US government to turn up the heat on Russia for numerous recent cyberattacks on US critical infrastructure targets and for its online election-tampering. In March, the government imposed similar sanctions against five Russian companies and 15 individuals for cyberattacks on the US and its allies. In February, a federal grand jury indicted 13 Russian individuals and three Russian organizations for interfering with the US general election process in 2016 with the goal of influencing the outcome.

Alexander Polyakov, founder and CTO of ERPScan, says the US government's sanctions against his company are unmerited. "I woke up and was embarrassed by such news," Polyakov says. "The only accusation about ERPScan is that we are [a] subsidiary of [Digital Security]."

According to Polyakov, as of 2014, ERPScan is a private company registered in the Netherlands. It does not have any connections with any of the other companies that the Treasury department has designated for sanctions, he says.

Over the years, ERPScan has helped multiple software companies fix over 600 security vulnerabilities in their products. The company's research work has been published at over 100 security conferences worldwide. "The only issue is that I and some of my peers were born in Russia," Polyakov says. "Oh, come on. I'm sorry, but I can't change it."

Alexander Kruglov, head of marketing at Embedi - which just last year disclosed a major bug in firmware used in many Intel chips — says the US government action against his company was a complete surprise.

Some of the company's research team members are former employees of Digital Security, he says. But that was before Embedi was launched in December 2016, he says.

"We are not sure what we should do next," Kruglov says. Like Polyakov, Kruglov points to the security research that the company has done over the years, including work that has helped companies like Microsoft and Intel.

"We do hope that this misunderstanding could be solved somehow, as far as we are not even a Russian entity," he says.

Digital Security did not respond immediately to a request for comment.

Related Content:

 

Top industry experts will offer a range of information and insight on who the bad guys are – and why they might be targeting your enterprise. Click for more information

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
WSJ Report: Facebook Breach the Work of Spammers, Not Nation-State Actors
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/19/2018
6 Reasons Why Employees Violate Security Policies
Ericka Chickowski, Contributing Writer, Dark Reading,  10/16/2018
NC Water Utility Fights Post-Hurricane Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  10/16/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.