The Biden administration has implemented a set of sweeping new sanctions against Russian companies, including several cybersecurity providers, for supporting what the administration called “malign behavior” by the Russian government, including the SolarWinds intrusion and other cyber attacks that have affected companies in the United States and elsewhere.
The sanctions in a new executive order essentially prohibit U.S. companies from doing business with six Russian technology and research companies, which the Department of the Treasury says support the Russian intelligence services. Among the entities sanctioned in the new order are Positive Technologies, NeoBIT, and AST, which are all security companies based in Russia. In its statement, Treasury said that all three companies provide services and support to the Ministry of Defense (SVR) and the Federal Security Service (FSB), the two main security and intelligence services.
“The private and state-owned companies designated today enable the Russian Intelligence Services’ cyber activities. These companies provide a range of services to the FSB, GRU, and SVR, ranging from providing expertise, to developing tools and infrastructure, to facilitating malicious cyber activities,” the Treasury statement says.
The new sanctions and executive order likely won’t have much direct effect on U.S. enterprises or their security teams, unless they are current customers of one of the designated companies.
Both the SVR and FSB have been involved in offensive cyberespionage and other activities for many years, and security researchers track their various activities under several individual clusters, including APT29, which is attributed to the SVR.
As part of the sanctions, the Biden administration for the first time named the SVR as the group responsible for the SolarWinds intrusion.
“The SVR’s compromise of the SolarWinds software supply chain gave it the ability to spy on or potentially disrupt more than 16,000 computer systems worldwide. The scope of this compromise is a national security and public safety concern. Moreover, it places an undue burden on the mostly private sector victims who must bear the unusually high cost of mitigating this incident,” the White House said in a statement.
The executive order, which President Biden released Thursday, focuses heavily on the economic aspects of the sanctions, as is typical in these actions. The goal of sanctions like these is to put economic pressure on the government and other entities that are designated, through the restriction on property ownership and transfer and prohibitions on U.S. investment or other financial dealings with them. But there are quite a lot of cybersecurity implications in the order and sanctions, as well. In the order, Biden cites the Russian government’s efforts “to engage in and facilitate malicious cyber-enabled activities against the United States and its allies and partners” as one of the key factors for the new actions.
Among those malicious activities are a variety of ransomware and other malware campaigns that the U.S. government is tying to the Evil Corp. cybercrime and ransomware group, which the Department of the Treasury sanctioned in 2019. The new sanctions tie the group directly to the FSB.
“To bolster its malicious cyber operations, the FSB cultivates and co-opts criminal hackers, including the previously designated Evil Corp, enabling them to engage in disruptive ransomware attacks and phishing campaigns,” the Treasury statement says.
“The GRU’s malign cyber activities include deployment of the NotPetya and Olympic Destroyer malware; intrusions targeting the Organization for the Prohibition of Chemical Weapons and the World Anti-Doping Agency; cyber attacks on government systems and critical infrastructure in Ukraine and the state of Georgia; and hack-and-leak operations targeting elections in the United States and France.”