U.S. Restricts Exports to Sanctioned Russian Entities

Hackers participate in a competition hosted by Positive Technologies, which was sanctioned in April and added recently to a U.S. export controls list. (Source: Positive Technologies)

By Abigail Buhrman

Wednesday, July 21, 2021

The U.S. Commerce Department last week placed export restrictions on four Russian information technology firms and two institutes that were previously sanctioned for supporting Russian intelligence services. 

The six entities were designated by the U.S. Treasury Department in April under a sweeping new executive order that was part of a package of actions intended to counter actions by the Russian government and its intelligence services, the White House said at the time. 

The move by the Commerce Department, intended to complement the Treasury’s previous action, prevents any items subject to U.S. export controls from being transferred to the listed entities without proper licensing, regardless of whether the transaction involves a U.S. person or the U.S. financial system, according to the final rule. No license exceptions will be available for transfers, the rule said. 

The Commerce Department listed the entities “to ensure the efficacy of existing sanctions on Russia that target aggressive and harmful activities by the Russian government,” the final rule said.

Some of the sanctioned Russian firms had continued to gain access to U.S.-produced hardware and software after their designation, Kharon reported in June

Positive Technologies, an information security software developer that was included in both Treasury’s and Commerce’s designations, has continued to identify vulnerabilities in products from large U.S. and European manufacturers, according to its website.

The company earlier this month announced it had identified a vulnerability in a U.S.-manufactured network security management system that allowed an attacker to gain full control over the product. The U.S. manufacturer patched the vulnerability in May, according to the Positive Technologies announcement and an advisory issued by the U.S. firm. 

Positive Technologies has pressed on with its business in the wake of the April designation; the company held its annual information security conference in May, and intends to move ahead with its plans for an IPO on the Moscow Exchange, Kharon reported

Yuriy Maksimov, the company’s main shareholder, recently stepped down from his role as director general to lead Positive Technologies’ future board of directors, according to the company’s website. His replacement, Denis Baranov, who will take over the position in August, has said the sanctions “do not significantly affect” the company, the Russian media outlet Kommersant reported. 

Other firms listed by Commerce and the Treasury have transferred U.S. computer components to Russian military interests, according to a review by Kharon.  

Advanced System Technologies (AST) provides a variety of information security solutions to its clients, including integrating information systems, maintaining and securing IT infrastructure, and developing electronic document management systems, according to its website. 

The company earned RUB 520 million (then about USD 8.4 million) in 2019, Russian media reported, and it was listed by the business portal TAdviser as one of the top 10 technology suppliers for the Russian military-industrial complex, based on that year’s revenue. 

AST names several multinational corporations based in the U.S. and elsewhere among its partners and clients, its website shows. From 2016 to 2018, AST supplied processors and hard drives produced by large U.S. technology firms to Scientific Production Center Delta, a state unitary enterprise under the control of Russia’s foreign intelligence service (SVR), according to tender data reviewed by Kharon. The U.S. attributed responsibility to SVR for the hack of SolarWinds, a Texas-based software firm.

Scientific Production Center Delta, which has developed its own proprietary operating system, among other IT security products, was established to produce “special technical means to ensure the security of the Russian Federation,” according to its website. Pasit, another IT firm listed by the Treasury and Commerce, serviced the production center in 2017, while Neobit, also sanctioned, lists the center among its customers and partners, according to trade data and a company website.

High-level leadership at AST are also involved in the supply of sensitive Western tech to Russian military interests, Kharon found. Three current and former AST executives together own 50 percent of another firm, Automated Systems and Technology OOO, which itself has sent Western equipment to Russian military end users, tender data and corporate records show.

In 2017, Automated Systems and Technology delivered printers and other office software manufactured by U.S. firms to a department of the Federal Security Service (FSB), a Russian intelligence agency sanctioned multiple times. 

A year later, Automated Systems and Technology sent switches made by a U.S. software company to Rosoboronexport, a state-owned weapons trading company sanctioned by the U.S., and provided more than RUB 50 million in video equipment to the Russian Ministry of Internal Affairs’ operational search bureau, records show. Some of the U.S. companies whose products were delivered are listed partners of the sanctioned AST, according to its website.