Rising Security Concerns Lands Russian I.T. Companies on Blacklist
The U.S. Department of Commerce has announced that 6 Russian entities have been sanctioned over national security concerns. Trade has been restricted with four Russian IT and Cybersecurity firms in addition two other entities. These organizations have posed a threat to U.S. national security.
April Sanctions Reveal Companies Working for SVR
U.S. sanctions placed on Russian companies in April narrowed in on entities allegedly collaborating with the Russian Foreign Intelligence Service (SVR). SVR is Russia’s external intelligence agency, focusing mainly on civilian affairs. They replaced the First Chief Directorate of the KGB.
According to the U.S. Treasury Department, sanctioned entities “provide a range of services to […] FSB, GRU, and SVR, ranging from providing expertise to developing tools and infrastructure, to facilitating malicious cyber activities.”
The original statement can be downloaded here
Blacklisted organizations are as follows:
The Bureau of Industry and Security (BIS) amends the Export Administration Regulations (EAR) by adding six entities to the Entity List
- Aktsionernoe Obshchchestvo Pasit – an IT company reported to have conducted research and development for the SVR
- Federal State Autonomous Institution Military Innovative Technopolis Era – a research center operated by the Russian Ministry of Defense
- Federal State Autonomous Scientific Establishment Scientific Research Institute Specialized Security Computing Devices and Automation (SVA) – a state-owned institution that is believed to support malicious cyber activity
- Aktsionernoe Obshchchaestvo AST
- Aktsionernoe Obshchchestvo Pozitiv Teknolodzhiz (A.K.A. JSC Positive Technologies)
- Obshchchestvo S Ogranichennoi Otvetstvennostyu Neobit
AST, Positive Technologies, and Neobit are known to have worked with the Russian government.
When questioned about the resent Kaseya attacks, Positive Technologies stated that they have never been involved in any attack on U.S. infrastructure. However, the Treasury Department has determined that the organization poses a sufficiently significant threat to U.S. national security.
Recent U.S. Infrastructure Attacks Force Action
Following the REvil ransomware attack on Kaseya earlier this month, U.S. President Joe Biden has been trying to limit Russia’s activity in the U.S. while also responding to recent attacks on U.S. infrastructure.
Up until recently, REvil ransomware gang was at the top of their game as a Russia-based cyber extortion operation. REvil’s Sodinokibi or Sodin ransomware was the same used in the attack on Colonial Pipeline in May. After the Kaseya attack, REvil disappeared overnight, drawing confused and pondering eyes from the cybersecurity community. Some believe that REvil may have been affiliated or influenced by the SVR, and that the Russian government forced it to shut down. Others believe that Russia issued a subpoena to the ransomware gang, forcing them to wipe their servers and disappear.
Regardless of the true reason for REvil’s disappearance, Russia has a history of launching or turning a blind eye towards malicious cyber attacks on U.S. infrastructure.
The U.S. Treasury Department has criticized the Kremlin for their “unacceptable conduct,” stating after their attack on U.S. IT contractor SolarWinds that “Russian intelligence services have executed some of the most dangerous and disruptive cyberattacks in recent history.” The Kremlin has been criticized for their election meddling, the poisoning of Kremlin critic Aleksei Navalny, and stealing “red team tools,” which are tools used by cybersecurity firms to mimic cyberattacks.
Naturally, the Kremlin has denied all allegations, maintaining their claim that they have had no affiliation with attacks on U.S. infrastructure.
