By Karen Freifeld
WASHINGTON (Reuters) -The United States on Friday took a new stab at Russia’s cybersecurity industry, restricting trade with four information technology firms and two other entities over “aggressive and harmful” activities – including digital espionage – that Washington blames on the Russian government.
A Commerce Department posting said the six entities were sanctioned by the U.S. Treasury Department in April, which targeted companies in the technology sector that support Russian intelligence services.
Their addition to the Commerce Department’s blacklist means U.S. companies cannot sell to them without licenses, which are seldom granted.
The announcement follows April’s sanctions, which were aimed at punishing Moscow for hacking, interfering in last year’s U.S. election, poisoning Kremlin critic Alexei Navalny and other alleged malign actions – allegations the Kremlin denies.
They come as the United States is responding to a drumbeat of digital intrusions blamed on Russian government-backed spies and a spate of increasingly disruptive ransomware outbreaks blamed on Russian cybercriminals.
The entities added to the blacklist are Aktsionernoe Obshchaestvo AST; Aktsionernoe Obshchestvo Pasit; Aktsionernoe Obshchestvo Pozitiv Teknolodzhiz, also known as JSC Positive Technologies; Federal State Autonomous Institution Military Innovative Technopolis Era; Federal State Autonomous Scientific Establishment Scientific Research Institute Specialized Security Computing Devices and Automation (SVA); and Obshchestvo S Ogranichennoi Otvetstvennostyu Neobit.
Era is a research center and technology park operated by the Russian Ministry of Defense; Pasit is an IT company that did research and development in support of Russia’s Foreign Intelligence Service’s malicious cyber operations; SVA is a Russian state-owned institution that also supported malicious cyber operations; and Russia-based IT security firms Neobit, AST and Positive Technologies have clients that include the Russian government, according to the United States.
Positive Technologies said the Commerce Department’s announcement had no new information and that the company engaged in the “ethical exchange of information with the professional information security community” and had never been involved with an attack on U.S. infrastructure.
The other entities either did not immediately respond to requests for comment or could not be reached.
The restrictions against the Russian technology industry have been in the works for months. The same day that the Treasury sanctions were announced, then-Assistant Attorney General John Demers told reporters that officials were in the process of evaluating dozens of Russian companies for possible referral to the Commerce Department.
Demers said investigators would be looking at “a known connection between a particular company and the Russian intelligence services” as they evaluated whether a company was a risk. Non-Russian companies that had back office operations in Russia would also be examined, he said.
The United States adds entities to the Commerce Department’s trade blacklist that it says pose a risk to U.S. national security or foreign policy interests.
(Reporting by Karen Freifeld; additional reporting by Raphael Satter in Washington and Anton Zverev in Moscow; editing by Howard Goller and Dan Grebler)