The Biden administration on Thursday imposed “sweeping” sanctions on Russia over a historic cyberattack that impacted multiple government agencies and major businesses, as well as its interference in U.S. elections.
President Joe Biden’s executive order imposes sanctions on 32 organizations or people it believes were involved in election meddling and names six companies that allegedly aided the Russian government in cyberattacks against the U.S. and other related activities.
“The President signed this sweeping new authority to confront Russia’s continued and growing malign behavior,” Treasury Secretary Janet L. Yellen said in a statement. “Treasury is leveraging this new authority to impose costs on the Russian government for its unacceptable conduct, including by limiting Russia’s ability to finance its activities and by targeting Russia’s malicious and disruptive cyber capabilities.”
Specifically, the executive order directs the U.S. Treasury Department to prohibit American financial institutions from “participating in the primary market for ruble or non-ruble denominated bonds issued after June 14, 2021, by the Central Bank of the Russian Federation, the National Wealth Fund of the Russian Federation, or the Ministry of Finance of the Russian Federation.” U.S.-based financial institutions are also prohibited from lending money to these entities.
In a letter announcing the executive order, Biden further detailed his reasons for taking action against Russia:
I have determined that specified harmful foreign activities of the Government of the Russian Federation — in particular, efforts to undermine the conduct of free and fair democratic elections and democratic institutions in the United States and its allies and partners; to engage in and facilitate malicious cyber-enabled activities against the United States and its allies and partners; to foster and use transnational corruption to influence foreign governments; to pursue extraterritorial activities targeting dissidents or journalists; to undermine security in countries and regions important to United States national security; and to violate well-established principles of international law, including respect for the territorial integrity of states — constitute an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States.
The U.S. also formally accused Russia’s Foreign Intelligence Service (SVR)—popularly known in the cybersecurity world as APT 29 or Cozy Bear—for the hack of SolarWinds’ Orion platform, a cyber-espionage campaign that the White House says impacted some 16,000 networks worldwide due to the network-management software’s widespread use. The attack reportedly included network intrusions of multiple Fortune 500 companies, as well as the Department of Homeland Security, and the Treasury and Commerce Departments. While the U.S. intelligence community said in early January that Russia’s involvement was “likely,” the White House now says it has “high confidence” that SVR carried out the SolarWinds hack.
“The scope of this compromise is a national security and public safety concern. Moreover, it places an undue burden on the mostly private sector victims who must bear the unusually high cost of mitigating this incident,” the White House said on Thursday.
As such, the executive order designates six companies the U.S. says provides support to Russian intelligence agencies. The companies include ERA Technolopolis, a research center funded by the Russian Ministry of Defense; Pasit and SVA, two companies said to provide research for SVR; Neobit and AST, cybersecurity firms that provide services for Russia’s Ministry of Defense, Federal Security Service (FSB), SVR, and the Main Intelligence Directorate (GRU); and Positive Technologies, a third security firm that provides services for FSB and “hosts large-scale conventions that are used as recruiting events for the FSB and GRU,” according to the Treasury Department.
The Treasury Department further warned that SVR stole “red team tools,” which are used to help companies prepare for cyberattacks, from a U.S. security firm. “These tools, if made public or used offensively by the SVR or other actors, would create additional opportunities for malign actors to target computer systems worldwide,” the department said.
Beyond the sanctions, the U.S. will also expel 10 diplomats from the Russian mission in Washington, DC.
Thursday’s action against Russia follows sanctions that the U.S. and the European Union issued against the country in March for the poisoning of Russian opposition leader Alexei Navalny, who is currently imprisoned. It also comes as Russia began amassing troops along the border with Ukraine, raising the specter of invasion of the Crimean Peninsula. Eight people or entities have also been sanctioned for Russia’s occupation of Crimea. While Biden held a call with Russian President Vladimir Putin on Tuesday to discuss the escalating tensions with Ukraine, Russia’s government warned the U.S. the same day not to send warships to the Black Sea “for their own good.”