U.S. sanctions against Russian cybersecurity companies

I never thought that I would write here about state sanctions. Usually I try to ignore political topics. But now it's necessary. Yesterday OFAC introduced sanctions against 5 Russian companies.
I would like to mention 3 of them:
- Digital Security – one of the leading Russian Information Security consulting companies. They do vulnerability research, penetration testing, and security audits (including PCI-DSS). They also organize ZeroNights – one of the main international Information Security conferences in Russia. I participated and wrote about these events: "ZeroNights16: Enterprise Vulnerability Management" and "ZeroNights 2017: back to the cyber 80s".
- ERPScan – a Vulnerability Management vendor specializing in SAP ERP. I wrote about their product in "ERPScan SAP security scanner".
- Embedi – researchers and vendor of a prevention solution made specifically for smart devices. For example, they explored the famous Intel AMT vulnerability.
Why were these companies affected?
OFAC wrote in their press release that ERPScan and Embedi are linked to Digital Security, and Digital Security in 2015 “worked on a project that would increase Russia’s offensive cyber capabilities”.
It is unclear what they meant by all this. But for now it seems that ANY Russian government contractor can come under sanctions, and their business in U.S. jurisdiction will be destroyed:
“As a result of today’s action, all property and interests in property of the designated persons subject to U.S. jurisdiction are blocked, and U.S. persons are generally prohibited from engaging in transactions with them.”
Despite the fact that the FSB is the heir of the KGB, it is also one of the most important security regulators in Russia. It is very difficult not to be linked with them, at least from the point of view of licenses and certificates. Here is, for example, a list of Cisco products certified by the FSB. 🙂
The press release itself is hilarious. OFAC mentioned the "NotPetya cyber-attack", from which many Russian companies have also suffered (see "Petya the Great and why *they* don't patch vulnerabilities"). I will not talk about "sophisticated" attack attribution methods by IP addresses and by Russian words in the code. Just do not forget who did NOT report the MS17-010 vulnerability to MS, and who created and secretly used the EternalBlue exploit. 😉
And on whom did the U.S. impose the sanctions? On Fancy Bear? These sanctions against white-hats will only help state-sponsored hackers (if they even exist, I do not believe in this conspiracy). There will be more highly qualified specialists on the market who can't earn money in a civilized manner.
Personally, I do not see any particular reasons why U.S. officials chose DSec. Maybe they have their own reasons. Currently it seems that they are just going to bury ALL noticeable Cyber Security businesses with Russian roots in alphabetical order, starting from the letter D.
I wish the best to the affected colleagues. I hope this nonsense will end soon.
Hi! My name is Alexander and I am a Vulnerability Management specialist.