Treasury Department hits Russian disinformation operators with sanctions

The Treasury Department announced a swath of sanctions on Russian companies and individuals on Friday, including a handful of entities connected to cybersecurity and disinformation operations with links to Russia’s intelligence services. 

The move by the Office of Foreign Assets Control especially targets Russia’s mining and minerals sector, but also goes after a range of technology companies and executives, with some having direct links to the sorts of disinformation operations that have targeted U.S. elections.  

These include 0Day Technologies – which created a powerful botnet and dashboard for running social media disinformation campaigns for the Federal Security Service (FSB) – and the companies Lavina Puls and Inforus, both of which “have provided technical support to malign influence operations conducted by the GRU [Main Intelligence Directorate], including the management of false social media personas,” OFAC said.

“Over the past year, we have taken actions with a historic coalition of international partners to degrade Russia’s military-industrial complex and reduce the revenues that it uses to fund its war,” said Treasury Secretary Janet Yellen in a statement accompanying the announcement. 

The technology entities were sanctioned following an executive order signed by President Joe Biden in April 2021, which sought to punish Russia for interfering in domestic politics and for launching cyberattacks. 

The sanctions forbid companies and people within the U.S. from doing business with the listed entities and blocks their access to property on U.S. soil. In many cases, the sanctions are largely symbolic, given that companies associated with the Russian government are unlikely to do business in the U.S.

Lavina Puls and Inforus

Perhaps the most prominent name in the cybersecurity space to be included on the list is Andrey Igorevich Masalovich, the CEO of Lavina Puls and Inforus. Masalovich is a former lieutenant colonel in the Federal Agency of Government Communications and Information (FAPSI) and his companies are credited with designing “malign influence” tools for Russia’s foreign intelligence agency, the GRU. 

According to numerous reports by Intelligence Online, Masalovich has been shopping around Lavina Puls’ Avalanche technology, used for data collection and analysis, throughout Asia, including in Vietnam, Indonesia and Myanmar. It has already been used in Azerbaijan and Tajikistan, Intelligence Online reported. 

“The United States and its allies will continue to take action to ensure that those who seek to export the Russian government’s brand of authoritarianism cannot do so with impunity,” OFAC wrote in announcing the sanctions against Masalovich. 

0Day Technologies and other disinformation operators

Described by the Treasury as a “Moscow-based cybersecurity consulting firm,” 0Day Technologies received wide attention after a hacktivist group leaked its files in 2020, revealing that as a subcontractor with the Russian government it had developed a botnet used “for coordinated inauthentic behavior on a massive scale,” the cybersecurity intelligence company Nisos reported. 0Day’s technology included a dashboard, called SANA, which can be used to create inauthentic social media accounts and to coordinate influence operations. 

The OFAC announcement accused the company of having “provided databases of western nation citizens’ personally identifiable information to Russian intelligence.”  

Another sanctioned company, Iteranet, has links to the disinformation world, having reportedly won three contracts in 2012 from the Foreign Intelligence Service for monitoring and influencing the “blogosphere” and “mass dissemination of information messages in order to form public opinion.” The company subsequently denied that it was involved in the projects. 

OFAC’s designation does not mention such influence operations, saying instead that Iteranet “has helped the Government of Russia circumvent U.S. sanctions by purchasing U.S.-origin equipment on behalf of sanctioned end-users.”

Another company, Moscow-based Forward Systems, R&DC, is accused of developing “specialized software and algorithms” for a wing of the GRU involved in “offensive cyber operations.” Meanwhile, the St. Petersburg company ZAO Akuta also allegedly provided support for a telecommunications system for a new GRU facility.   

In total, the Departments of State, Commerce and Treasury announced sanctions on more than 200 Russian entities on Friday to coincide with the one-year anniversary of the invasion of Ukraine.  

Even before the Russian invasion of Ukraine one year ago, the U.S. government had begun imposing sanctions in response to Russian cyber activity. In April 2021, President Biden accused the Russian government of having perpetrated the SolarWinds hack while announcing sanctions on 32 people and entities connected to U.S. election interference.