Businesses stand accused of providing assistance to the Russian intelligence service.
Sanctions placed on Russian companies have become a routine occurrence in American foreign policy, with a fresh batch of prohibitions released yesterday taking aim at cybersecurity firms thought to have links with Moscow.
The US Treasury Department on Monday named five organizations to be banned from the American financial system, making it illegal for US business or its citizens to conduct transactions with them.
The companies included security product developer Embedi, and cybersecurity firm ERPScan – both of which are based in California and subsidiaries of the Russian firm Digital Security, according to US claims.
Digital Security, a cyber research group also put on the sanctions list, is said to provide technical support to the Russian intelligence service FSB, and therefore aiding the enhancement of the nation’s cyber capabilities.
Sanctions further hit Kvant Scientific Research Institute, Divetechnoservices, and three individuals.
The move, which comes days before Russia is to play host to the 2018 World Cup, was in retaliation for Russian state-sponsored cyber-attacks, which the US alleges has been actively targeting critical infrastructure such as the US energy grid.
“The United States is engaged in an ongoing effort to counter malicious actors working at the behest of the Russian Federation and its military and intelligence units to increase Russia’s offensive cyber capabilities,” said Steven Mnuchin, US Treasury Secretary, in a statement.
“The entities designated today have directly contributed to improving Russia’s cyber and underwater capabilities through their work with the FSB and therefore jeopardize the safety and security of the United States and our allies.”
The newly appointed sanctions, however, came as a something of a shock to the infosec community, particularly as ERPScan was awarded ‘best product’ in this year’s Cyber Defense Magazine artificial intelligence category.
Speaking to Motherboard, Alexander Polyakov, ERPScan’s founder, denied any ties his company had to the Kremlin.
He said: “We helped multiple software companies to make their systems secure by helping to fiх over 600 vulnerabilities in their products always following responsive disclosure and helping research community. We published our research on over 100 security conferences worldwide.”
Polyakov, who used to work for Digital Security, said ERPScan is a “private company registered in the Netherlands”, despite the group still being listed as trademark owner.
Russia has said it will take retaliatory measures in response to the US sanctions, following a recently passed “counter-sanctions” law which gives the Kremlin power to stop the sale of goods between Russia and other countries.
This is just the latest move against the Russian state that has affected the tech industry, as anti-virus provider Kaspersky continues to battle the ban of the use of its products by the US government.
While it appears ERPScan does a significant amount of business with the US, it is unclear whether American allies such as the UK will take similar measures against the cybersecurity firm.