The government is targeting companies and individuals that they say worked with Russia’s Federal Security Service (FSB), the country’s chief intelligence agency. Officials claim those sanctioned helped assist Russian-linked hacking operations. Some of the affected companies currently boast offices located inside the U.S..
The chief target of the sanctions appears to be Digital Security, an ambiguously named Russia-based cybersecurity company, which Treasury says “worked on a project that would increase Russia’s offensive cyber capabilities for the Russian Intelligence Services, to include the FSB.”
Two other cybersecurity companies, ERPScan and Embedi, were sanctioned as well. Both are subsidiaries of Digital Security, according to the Treasury Department. The firms have addresses in or around California’s Silicon Valley.
“The United States is engaged in an ongoing effort to counter malicious actors working at the behest of the Russian Federation and its military and intelligence units to increase Russia’s offensive cyber capabilities,” Treasury Secretary Steven Mnuchin said in a statement.
Spokespeople for ERPScan and Embedi responded to the sanctions news Monday.
“I woke up and was shocked by such news,” ERPScan’s founder and CTO Alexander Polyakov told CyberScoop. “The only accusation about ERPScan is that we are subsidiary of other company … As of 2014 ERPScan is a private company registered in the Netherlands and is not a subsidiary of any company listed in this document.”
Polyakov said that ERPScan, which is known for discovering software vulnerabilities in the SAP enterprise platform, will “continue with helping the world to protect critical software.”
“All these news came to us as an unpleasant surprize [sic],” Alex Kruglov, Embedi’s head of marketing and public relations, wrote in an email. “We never worked for Russian government, but indeed we have some former Russian researchers in our Research Team (some of them are former employees of Digital Security).”
Kruglov noted that the company’s CEO, Ilia Medvedowski, is a former employee of Digital Security. He also said that most of the former employees of Digital Security who now work for Embedi are vulnerable researchers and security analysts. Embedi itself, however, is not a subsidiary of Digital Security, Kruglov said.
Embedi’s work involves finding potent zero-day exploits in popular software. But Kruglov described the company as “entirely white hat” and said they have no connection to any government and have never sold an exploit.
The company’s U.S.-based future is unclear at this point. In the past, Embedi has worked with U.S. vendors including Microsoft, Cisco, Symantec, IOActive and Schneider Electric.
Kvant Scientific Research Institute, located in St. Petersburg, Russia, was sanctioned for being “owned or controlled by the FSB. Kvant is identified as “the prime contractor on a project for which the FSB was the end user.” There is no further explanation of what the project is.
The Treasury Department did not respond to a request for further information prior to this article’s publication.
Divetechnoservices was specifically sanctioned “for providing material and technological support to the FSB” over the course of a decade, allegedly in service of the FSB’s ongoing efforts to conduct undersea espionage. Undersea communications cables carry the majority of the world’s data.
The three individuals sanctioned are all said to be Divetechnoservices managers. Aleksandr Lvovich Tribun is a general director, Oleg Sergeyevich Chirikov is a program manager and Vladimir Yakovlevich Kaganskiy is the owner.
In a press release intended for media, the U.S. government cited a wide range of recent malicious Russian cyber activity, including the NotPetya attack, “global compromises of network infrastructure devices” as well as intrusions against the American energy grid.
Chris Bing contributed to this story.