Treasury hits infosec vendors with Russia-related sanctions

The U.S. government on Monday added to a growing list of organizations and individuals sanctioned and charged with assisting Russia in cyberattacks against the United States.


The Department of the Treasury announced it was applying sanctions to another five organizations and three Russian citizens for allegedly assisting Russia in cyberattacks against the United States.

The announcement does not detail precisely what assistance the companies provided to the Russian government, but mentions the NotPetya ransomware attacks, cyber intrusions into the U.S. energy grid and "global compromises of network infrastructure devices, including routers and switches," as examples of destabilizing acts carried out by the Russian government.

The sanctions target Digital Security, a Russia-based cybersecurity firm, and two other companies, Embedi and ERPScan, that Treasury officials say are "owned or controlled" by Digital Security. All three organizations are charged with providing "material and technological support" to Russian security and intelligence services.

Treasury Secretary Steven Mnuchin said the U.S. government was engaged in an "ongoing effort" to target groups of individuals who may have coordinated with the Russian Federal Security Service (FSB) and suggested that the list could continue to grow, saying policymakers "will continue to utilize…sanctions authorities."

In March, Treasury sanctioned five organizations and 19 individuals, all Russian citizens, for providing assistance to the Russian government related to a range of malicious cyber activities.

"The entities designated today have directly contributed to improving Russia’s cyber and underwater capabilities through their work with the FSB and therefore jeopardize the safety and security of the United States and our allies," Mnuchin said.

Though Embedi and ERPScan, which provides implementation services for SAP and Oracle ERP software, do business in the U.S., they don’t appear to have a presence in the federal contracting market. Jennifer Sakole, research manager at contracting intelligence firm Deltek, told FCW she could not find any records of Embedi or ERPScan doing business with the federal government as a prime or subcontractor.

One of the companies listed -- Embedi -- has been owned or controlled by Digital Security since at least May 2017, according to the announcement. The company is best known for discovering a key vulnerability in Microsoft Office in November 2017. Microsoft subsequently patched the flaw as a result of the disclosures.

According to its website, Embedi sells security software designed to protect users from zero-day vulnerabilities and has offices in Berkeley, Calif., and Herzliya, Israel.

FCW called the Berkeley number listed on the company’s website and spoke to an individual who identified himself as Donald Anderson. The Embedi website lists Anderson as vice president for business development.

Anderson called the sanctions an "unfortunate event," and denied that the company had any ties to the Russian government. He also said Embedi had not had any contact with the Treasury Department prior to the June 11 sanctions announcement.

"Actually, we have no connections with Russia right now," said Anderson. "Some of our former research team, members of our research team are some of them former employees of Digital Security company…but right now, none of them have any connection with the Russian federal government or [FSB.]"

Anderson also asserted that Embedi is not owned or controlled by Digital Security. Embedi's CEO and founder Ilia Medvedowski once worked for the firm.

Anderson pointed to the company's work finding the Microsoft Office Equation Editor bug as an example of the company's good work. "We are just pure cybersecurity enthusiasts who help this world to be a better place," he said.

Anderson said, however, that some Embedi employees could have been working with Digital Security.

"I do think that some of our researchers could be possibly involved in some research with Digital Security as a company," he said. "Maybe the government somehow connected these researchers with our company, but we have no connections with Russia, let me assure you."

Anderson said the company hoped to connect with Treasury officials to clear up the matter.

Treasury officials did not immediately reply to FCW's request for comment.