US Treasury sanctions Russian cyber and influence entities


The US Treasury has been levying sanctions against Russian companies and individuals left and right. But, for the first time since Russia’s invasion of Ukraine, it has also sanctioned cyber-adjacent entities.

The US has sanctioned 22 individuals and 83 entities in Russia and 30 individuals and companies in third-party countries that helped Moscow evade previous American sanctions.

Washington has been levying sanctions against Russian entities and officials since 2014, when the Kremlin organized the annexation of Crimea and started the war in the Donbas region.

As before, sanctions affect Russia’s financial sector, arms dealers, metal and mining sectors, and military supply chains. However, this is the first time since the beginning of Russia’s full-scale invasion of Ukraine that the Treasury has also sanctioned Russian cyber and influence firms.

One of the most prominent firms on the new list is 0Day Technologies. The US Treasury called it “a Moscow-based cybersecurity consulting firm [that] has provided databases of Western nation citizens’ personally identifiable information to Russian intelligence.”

This is what the Treasury says officially. But there’s more: according to the BBC, the hacktivist group Digital Revolution stole data from 0Day’s network back in 2020 and leaked details about Fronton, a tool that can be used for distributed denial-of-service attacks and orchestrating social media disinformation campaigns.

The Treasury also sanctioned Forward Systems, R&DC, another Moscow-based IT company, saying it "developed specialized software and algorithms" for Russia's GRU military intelligence service as part of its "offensive cyber operations."

Novilab Mobile, a Moscow-based software company, is also targeted – for developing a project to enable mobile device monitoring at the request of Advanced System Technology, a contractor for the Russian FSB agency, previously sanctioned in April 2021.

Other sanctions were also announced against AO Russian High Technologies and ZAO Akuta, two other IT companies that worked for Russian intelligence agencies and provided programming services.

Finally, Treasury officials also sanctioned OOO Lavina Puls and AO Inforus, two known entities that ran malign influence operations on behalf of the GRU military intelligence services.

Effective tool or posturing?

The US issued its first cyber sanctions in 2015, when President Obama’s Executive Order 13694 “authorized the imposition of sanctions on individuals and entities determined to be responsible for or complicit in malicious cyber-enabled activities that result in enumerated harms that are reasonably likely to result in, or have materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the US.”

In 2020, the European Union also entered the world of cyber sanctions by targeting six individuals and three entities from Russia, China and North Korea who were “involved in significant cyber-attacks or attempted cyber-attacks against the EU or its member states.”

This February the US and UK governments announced joint measures against seven Russian cyber-criminals who are members of the notorious Trickbot malware gang. The group, which again has links to Russia’s intelligence services, was blamed for developing ransomware strains targeting critical services in the US and UK.

It is important, though, to ascertain whether cyber sanctions have a meaningful impact on disrupting and deterring cybercrime – mostly because attribution for cyberattacks is notoriously difficult compared to traditional forms of crime.

Besides, if targeted people or entities reside in countries like Russia or North Korea, they are usually beyond the reach of law enforcement. The US Treasury itself admits Russia “is a haven for cybercriminals” where hacker groups “freely perpetrate malicious cyber activities.”

