Date: 2021-04-16



Written by Shannon Vavra April 15, 2021

The Biden administration on Thursday lashed out at the network of companies it says the Russian government relies on to conduct military intelligence and hacking activities, part of a larger effort to push back against Russian government hacking and information operations targeting Americans, the US private sector and the federal government.

In one of the most striking actions taken by the Biden administration on Thursday, the US Treasury Department sanctioned Positive Technologies, a Moscow-based cybersecurity firm. According to the Treasury Department, Positive Technologies may appear to be a regular IT company, but it supports Russian government clients, including the Federal Security Service.

The company also hosts large-scale conventions that are used as recruiting events for the FSB and GRU, the Treasury Department said, referring to the Federal Security Service (FSB) and Russia’s Main Intelligence Directorate (GRU).

U.S. intelligence documents show that the company has at times gone even further and provided Russian intelligence services with offensive hacking tools, knowledge and offensive operations, according to the MIT Technology Review.

The announcement is part of a larger effort by the Biden administration to hold Russia accountable for the SolarWinds breach, in which the government accused Russian Foreign Intelligence Service (SVR) hackers of incorporating malicious code into a software update from federal contractor SolarWinds, as well as for other malicious activity. The US government also revealed details of what it said are the latest hacking tactics the SVR is using to target the US defense industrial base. These revelations are an attempt to catch up with active cyber attack campaigns.

The Russian government has often relied on the skills of cybercriminals and hacking campaigns to support the government’s espionage objectives, according to the indictments. But the administration’s efforts to expose links between the Russian tech sector and government hacking campaigns risk exposing an often-widespread Russian spy ring with far-reaching tentacles in the world of entrepreneurs and billion-dollar companies, a network that can obscure who is really behind cybersecurity work emanating from Russia.

CyberScoop has previously covered research from Positive Technologies and its researchers. In a curious case, the US Department of Defense’s cyber arm, Cyber Command, publicly urged US system administrators to fix a vulnerability revealed by a Positive Technologies researcher. The allegedly FSB-linked company has discovered and disclosed a handful of vulnerabilities over the years, including bugs in popular software created by Citrix and in the Palo Alto Networks operating system.

The announcement of the sanctions concerns a total of six entities of the Russian technology sector. The Biden administration also identifies other entities as working for Russian government hacking objectives, including ERA Technopolis, which supported GRU’s IT and information operations.

The Treasury Department also called out Neobit, a St. Petersburg-based IT company, and AST, a Russian IT security company, for working on cyber operations run by the FSB, GRU and SVR.

Pasit, an IT company, and SVA, a research institute, have also worked on behalf of the Russian government on hacking operations by conducting research for the SVR in particular, according to the Treasury.

Treasury Secretary Janet Yellen said in a statement the announcement was intended to impose costs on the Russian government for its unacceptable conduct, including limiting Russia’s ability to fund its activities and targeting malicious and disruptive cyber capabilities from Russia.

The actions of the Biden administration are expected to affect Russia from several angles. Beyond attributing the SolarWinds hack to the SVR (whose hack shop is known as APT29 or Cozy Bear) and sanctioning companies working for Moscow, the US government is expelling 10 Russian officials from Moscow’s diplomatic mission in Washington, DC.

FireEye CEO Kevin Mandia noted that identifying these companies would help him better manage his cyber defense operations.

Simply naming the SVR, along with the companies that support it, will inform our defense, said Mandia, whose company’s Red Team tools the SVR hackers allegedly stole as part of their SolarWinds hack operation.

Crush Moscow disinformation

The US government’s efforts to call out companies working on behalf of Russian government hacking and information operations are just the tip of the iceberg. The Treasury Department has also accused a series of other companies of working on behalf of the FSB, GRU and SVR to carry out Russian government disinformation operations.

SouthFront is a Russia-based online disinformation outlet that pushed allegations of voter fraud in the 2020 U.S. presidential election on behalf of the FSB, according to the Treasury. NewsFront, a Crimea-based propaganda site that also worked for the FSB, spread false information about the coronavirus vaccine, the sanctions announcement said.

Facebook previously removed posts related to SouthFront and NewsFront, which it said were part of a larger disinformation dissemination network run by individuals in Russia and the Donbass region of Ukraine.

Some of the sanctions identify individuals and digital currency addresses linked to the Russian government’s troll farm, the Internet Research Agency (IRA), which the US government has accused of conducting divisive online news operations and sowing discord in American politics. Numerous sanctions identify individuals accused of being linked to Yevgeniy Prigozhin, the Russian oligarch accused of supporting the IRA.

