The Biden administration on Thursday imposed sweeping sanctions on Russian intelligence operatives for their alleged interference in the 2020 U.S. election, and on Russian companies for allegedly supporting Moscow’s extensive cyber-espionage operations.
The Treasury Department sanctioned 32 organizations and individuals for their alleged influence operations aimed at the U.S. election. The White House said it was part of an effort to “disrupt the coordinated efforts of Russian officials, proxies and intelligence agencies to delegitimize our electoral process.”
As part of the crackdown, Treasury sanctioned six Russian tech firms for allegedly providing support to Russian intelligence services’ hacking operations by developing malicious software or setting up IT infrastructure.
U.S. officials also made official what had long been rumored: They believe with “high confidence” that Russia’s foreign intelligence agency, the SVR, carried out the hacking campaign that has exploited software made by contractor SolarWinds and other vendors to infiltrate nine U.S. agencies and 100 private firms. The White House explicitly named a notorious hacking group known as APT29 or Cozy Bear — one of the spy outfits behind the 2016 hack of the Democratic National Committee — as being responsible for the SolarWinds compromises.
For its part, the U.K. government’s National Cyber Security Centre said Thursday that it was “highly likely” that the SVR was behind the SolarWinds breaches. The NCSC statement also linked the SVR to intrusions of European government computer networks stretching back a decade.
The Biden administration actions against alleged Russian activity come at a tense time in bilateral relations. The U.S. and its European allies have expressed concern over Russia’s buildup of troops near the border of Ukraine, as a conflict between Russian-backed insurgents and the Ukrainian government drags on.
President Joe Biden used a new executive order to authorize the actions, which also included a prohibition on U.S. financial firms participating in the “primary” bond market maintained by Russia’s Central Bank and other Russian institutions after June 14.
The White House also said the U.S. government had expelled 10 people from Russia’s diplomatic mission in Washington, including “representatives of Russian intelligence services.”
Moscow has denied involvement in the so-called SolarWinds campaign. Maria Zakharova, a spokesperson for Russia’s Ministry of Foreign Affairs, said Thursday that the U.S. ambassador to Moscow had been summoned in response to the sanctions. Zakharova said the U.S. actions would lead to a “decisive rebuff” from Russia.
While some private-sector analysts have wondered how the alleged SVR operation differs from traditional cyber-espionage, the White House made the case Thursday that the scope of the hacking is a “national security and public safety concern” and that “it places an undue burden on the mostly private sector victims who must bear the unusually high cost of mitigating this incident.”
Still, some lawmakers expressed skepticism that the Russian hacking had violated any norms. “The SolarWinds incident … has had all the trappings of traditional espionage that, while unfortunate, has not historically been outside the bounds of responsible state behavior,” Rep. Jim Langevin, D-R.I., said while calling on the Biden administration to “fully explain the contours of [its] new policy that seems to focus on Russia’s reckless history of attacks like NotPetya and the immense cleanup costs associated with SolarWinds.”
U.S. officials are weighing whether to take additional action under an executive order to protect the IT supply chain “from further exploitation by Russia,” the White House said.
Also Thursday, U.S. government agencies issued an alert aimed at the private sector, saying that the SVR was exploiting five vulnerabilities to target U.S. companies.
The series of U.S. statements on Russian cyber-operations had other revelations: The Treasury Department formally linked Russia’s FSB intelligence agency with a ransomware gang known as EvilCorp.
“To bolster its malicious cyber operations, the FSB cultivates and co-opts criminal hackers, including the previously designated Evil Corp, enabling them to engage in disruptive ransomware attacks and phishing campaigns,” the Treasury Department said.
UPDATED, 1:30 p.m. EDT: This story was updated with responses from Moscow, the U.K. and Rep. Jim Langevin, D-R.I., to the White House announcements.