Critical Infrastructure Security , Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime
US Blacklists 6 Russian Organizations Over Security Concerns
Commerce Department Says Organizations Are Aligned With Russian IntelligenceThe Department of Commerce is restricting trade with four Russian information technology and cybersecurity firms, along with two other entities, over concerns that these organizations pose a threat to U.S. national security, according to a document published Friday.
See Also: Critical Condition: How Qilin Ransomware Endangers Healthcare
The six Russian organizations added to the department's Entity List on Friday build off sanctions imposed by the Department of Treasury in April, which claimed that these companies and other entities are aligned with or assist Russian intelligence services.
Now that these organizations have been placed on the Entity List, the Department of Commerce will require them to apply for a special license to do business with U.S. companies or receive supplies or components from American firms.
Those Russian organizations now included on the Entity List, which is maintained by the Commerce Department's Bureau of Industry and Security, include:
- Aktsionernoe Obschchestvo Pasit: An IT company that reportedly conducted research and development for the country's Foreign Intelligence Service;
- Federal State Autonomous Institution Military Innovative Technopolis Era: A research center and technology park operated by the Russian Ministry of Defense;
- Federal State Autonomous Scientific Establishment Scientific Research Institute Specialized Security Computing Devices and Automation (SVA): A state-owned institution believed to support malicious cyber activity;
- Aktsionernoe Obshchaestvo AST;
- Aktsionernoe Obshchestvo Pozitiv Teknolodzhiz, or JSC Positive Technologies;
- Obshchestvo S Ogranichennoi Otvetstvennostyu Neobit;
The IT firms AST, Positive Technologies and Neobit have also worked with the Russian government, according to the Commerce Department.
Treasury Sanctions
April sanctions from the Treasury Department pinpointed Russian-based technology, security companies and research firms allegedly working with the Russian Foreign Intelligence Service, aka SVR, as well as other Russian agencies, including the Main Intelligence Directorate, also known as the GRU, on cyber campaigns (see: US Pulls Back Curtain on Russian Cyber Operations).
On sanctioning Russia this year, the Biden administration attempted to begin curbing the country's cyber operations while responding to incidents now increasing in frequency - including a large-scale ransomware attack on remote management software vendor Kaseya this month - suspected to have been conducted by Russian-speaking group REvil (see: Kaseya: Up to 1,500 Organizations Hit in Ransomware Attack).
Positive Technologies told Reuters on Friday that the company had never been involved with an attack on U.S. infrastructure.
'Unacceptable Conduct'
In its sanctioning this spring, the Treasury Department had harsh words for the Kremlin.
“Treasury is leveraging…[its] authority to impose costs on the Russian government for its unacceptable conduct, including by limiting Russia’s ability to finance its activities and by targeting Russia’s malicious and disruptive cyber capabilities," Treasury Secretary Janet L. Yellen said at the time.
The department also noted: "The Russian Intelligence Services have executed some of the most dangerous and disruptive cyberattacks in recent history," including the 2020 SolarWinds incident, a supply chain attack that ultimately affected several U.S. agencies (see: 7 Takeaways: Supply Chain Attack Hits SolarWinds Customers).
The Treasury Department also criticized the Kremlin for election meddling, poisoning Kremlin critic Aleksei Navalny and stealing "red team tools" - mimicking cyberattacks - from a U.S. security company, among other recent actions. The Kremlin has denied the allegations.
'Enabling Russian Cyber Activities'
Both private and state-owned companies sanctioned in April "enable the Russian Intelligence Services' cyber activities" and "provide a range of services to the [agencies] FSB, GRU, and SVR, ranging from providing expertise, to developing tools and infrastructure, to facilitating malicious cyber activities," the Treasury Department added.
Other Federal Measures
On Thursday, the Department of State also announced it will now offer rewards of up to $10 million for information about cyberthreats to the nation's critical infrastructure.
The Department of Homeland Security and the Justice Department also unveiled a website called "StopRansomware," which is described as a central hub for consolidating ransomware-fighting resources from all federal government agencies (see: US Offering $10 Million Reward for Cyberthreat Information).
Following the attack on Kaseya, Biden spoke to Russian President Vladimir Putin on July 9 and repeated demands that he made during their June summit in Geneva: that the Russian government needs to crack down on cybercriminal activity within its borders.
Biden added that the U.S. government is prepared to take "any necessary action to defend its people and its critical infrastructure in the face" of ongoing cyberattacks.