
U.S. Says Russian Cyber Firm Provided Venue for Recruiting Spies

The U.S. government said that conferences operated by a well-known cybersecurity vendor serve as recruitment grounds for Russian intelligence, and accused the company of supporting the Kremlin’s spy agencies.

The Treasury Department said Thursday that Moscow-based Pozitiv Teknolodzhiz AO, known as Positive Technologies, along with five other Russian research centers and companies, aided the country’s intelligence services in honing their cyber capabilities for operations such as the breach of SolarWinds Corp. software discovered late last year.

The Treasury Department imposed sanctions on the firm as part of a broader executive order by President Biden on Russia that authorized financial penalties and diplomatic expulsions.

The SolarWinds cyberattack, which U.S. officials say was part of an espionage campaign, affected at least nine federal agencies and about 100 private-sector organizations.

The overall intent of these sanctions is to disrupt the Kremlin’s ability to develop and finance future cyber operations, Treasury Secretary Janet Yellen said. But some cybersecurity experts said that the Treasury’s actions will have limited impact in deterring aggression from state-backed hackers.

The inclusion of Positive Technologies, which didn’t respond to requests for comment, is notable due to its extensive client list of Western and Asian companies, including major banks, tech companies and telecom firms.

Among them are financial-services companies such as ING Groep NV and Allianz SE, along with South Korean tech giant Samsung Electronics Co. Ltd. None of the firms responded to requests for comment.

Positive Technologies was founded in 2002 and employs more than 1,000 people, according to its LinkedIn page. Reuters reported last month that the firm is considering a public listing in Moscow.

Since 2011, it has hosted a yearly conference in Moscow known as Positive Hack Days, featuring presentations and cybersecurity exercises. The Treasury Department didn’t name Positive Hack Days specifically in its announcement Thursday, but it said Positive Technologies “hosts large-scale conventions that are used as recruiting events for the FSB and GRU,” referring to Russia’s domestic and military intelligence agencies, respectively.

The FSB and GRU, which are separate from the Russian intelligence agency that U.S. officials say led the SolarWinds hack, didn’t respond to a request for comment. The Kremlin has denied involvement in election interference and the attack on SolarWinds.

This year’s Positive Hack Days, due to take place in May, had attracted sponsorship from U.S. technology companies, including Hewlett Packard Enterprise Co., McAfee LLC, Trend Micro Inc. and Broadcom Inc.-owned Symantec.

A spokesman for HPE said that the company would no longer be involved with the event, and a Trend Micro spokesperson said the company is reviewing the situation. Symantec and McAfee didn’t immediately respond to requests for comment.

Some cybersecurity specialists questioned the inclusion of Positive Technologies’ conferences in the sanctions announcement, and said that U.S. law enforcement and spy agencies also frequently recruit on the cybersecurity event circuit.

“So much so that ‘Spot the Fed’ has become a regular game,” said Chris Morales, chief information security officer at cloud and security firm Netenrich Inc. “It’s a known thing that they recruit and monitor activities. Everyone just sort of mingles like it’s neutral ground.”

The Treasury Department didn’t respond to a request for additional details on how it believes Russian intelligence services recruited at Positive Technologies-operated events.

In addition to cybersecurity products, the company also is known for its research into security flaws. Positive Technologies said on its blog in recent weeks that it had identified vulnerabilities in products or services run by U.S. firms such as the cloud software company VMware Inc. and International Business Machines Corp. Neither company immediately responded to requests for comment on Thursday.

The U.S. government has previously penalized Russian cyber vendors on national security grounds.

In 2017, President Donald Trump signed into law a governmentwide ban on software made by Moscow-based antivirus company Kaspersky Labs, which went into effect in November 2019. Kaspersky is also a sponsor of Positive Technologies’ event this year and a technology partner, according to Positive Technologies’ website.

A spokeswoman for Kaspersky said that the company would review the designations and comply with all applicable laws regarding its participation in the conference. She reiterated the company’s stance that previous actions taken against it by the U.S. government were based on unsubstantiated allegations.

The actions announced Thursday could send a message to Moscow and other power centers that state-backed hackers and their associates will face consequences in the U.S., said Raja Mukerji, co-founder of Seattle-based cyber analytics firm ExtraHop Networks Inc.

But he added the penalties will do little to diminish the Kremlin’s broader cyber capabilities, given the difficulties in regulating internet activity and a lack of agreed-upon international norms around unacceptable behavior.

“I don’t think the sanctions will prevent this kind of activity,” he said.

Source: WSJ
