The U.S. Department of the Treasury announced today that it has imposed sanctions on five Russian entities and three Russian individuals for allegedly being controlled by or aiding Russia’s Federal Security Service (FSB) in carrying out cyber attacks.
“The United States is engaged in an ongoing effort to counter malicious actors working at the behest of the Russian Federation and its military and intelligence units to increase Russia’s offensive cyber capabilities. The entities designated today have directly contributed to improving Russia’s cyber and underwater capabilities through their work with the FSB and therefore jeopardize the safety and security of the United States and our allies,” said Treasury Secretary Steven T. Mnuchin. “The United States is committed to aggressively targeting any entity or individual working at the direction of the FSB whose work threatens the United States and will continue to utilize our sanctions authorities, including those provided under CAATSA, to counter the constantly evolving threats emanating from Russia.”
The press release cited examples of Russia's malicious cyber activity, including the NotPetya attack, attacks against U.S. network infrastructure, utilities, and other disruptive cyber-attacks. These sanctions also target Russia's tracking of underwater communications in order to eavesdrop on worldwide communications.
The press release made no mention of Russian attacks on U.S. elections.
Due to these sanctions, all U.S. businesses are prohibited from working with these companies and all properties and holdings of these companies and individuals have been blocked by the U.S. government.
The entities sanctioned by the U.S. are Digital Security and its subsidiaries ERPScan and Embedi, along with Kvant Scientific Research Institute (Kvant) and Divetechnoservices. According to the press release, Digital Security was allegedly added for providing material and technological support to the FSB, Kvant for being controlled by the FSB, and Divetechnoservices for providing a variety of underwater equipment and diving systems for Russian government agencies.
The three Russian individuals who were sanctioned are Aleksandr Lvovich Tribun, Oleg Sergeyevich Chirikov, and Vladimir Yakovlevich Kaganskiy. All of these individuals work for Divetechnoservices.
Of particular interest are Embedi and ERPScan, who are both well known within the infosec community. Embedi is known for exploit research and security solutions for protecting hardware devices. ERPScan is well known for their enterprise services and solutions for protecting ERP systems and enterprise applications. No mention of their affiliation with Digital Security could be readily found on either of their web sites.
"As for connections to Digital Security, we indeed have some researchers who were former employees of this company," Alex Kruglov, Head of Marketing and PR at Embedi, told BleepingComputer. "As for legal connections, we are a completely different entity, not even based in Russia."
ERPScan CTO & Founder Alexander Polyakov told BleepingComputer that ERPScan is a private company in the Netherlands and is not a subsidiary of any company listed in the press release.
"I woke up and was embraced by such news. The only accusation against ERPScan is that we are a subsidiary of another company, which is stated here: https://home.treasury.gov/news/press-releases/sm0410. As of 2014, ERPScan is a private company registered in the Netherlands and is not a subsidiary of any company listed in this document," Polyakov told BleepingComputer.
Polyakov states that regardless of this news, they will continue changing "the world by making it better and more secure. We will continue helping protect critical SAP and Oracle software from cyberattacks."
In an interview with the Infosec Institute, Polyakov mentioned that he had previously worked at a company named Digital Security, where only the best hackers from their city were employed.
"Later on, my university buddy invited me to work for the Digital Security company, which was the place where the best hackers from our city were working, and probably the first Russian company which was focused on what we call penetration tests now. It was like a dream to do what you love, like breaking the security of big corporations, and earn money."
Polyakov has confirmed that he had previously worked for Digital Security. He further told BleepingComputer that one of the owners of ERPScan is also an owner of Digital Security, but continues to stress that the two companies are not affiliated with each other.
"One of the owners of ERPScan is also a DSEC owner, but companies are not subsidiaries, they are different," Polyakov told BleepingComputer. "We are a software company focused on helping to protect ERP systems."
While there appears to be overlap between each of these companies and Digital Security, both state that they have no affiliation with it and are not owned by it.
This is a developing story and will be updated as new information becomes available.
Updated 6/11/18 15:35 EST: Updated article with statement from ERPScan CTO & Founder Alexander Polyakov.
Updated 6/11/18 21:49 EST: Updated to include response from Embedi.