Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Sanctioned Russian IT Firm Was Partner With Microsoft, IBM

The Treasury Department on Thursday slapped six Russian technology companies with sanctions for supporting Kremlin intelligence agencies engaged in “dangerous and disruptive cyber attacks.”

The Treasury Department on Thursday slapped six Russian technology companies with sanctions for supporting Kremlin intelligence agencies engaged in “dangerous and disruptive cyber attacks.”

But only one of them stands out for its international footprint and partnerships with such IT heavyweights as Microsoft and IBM.

That company, Positive Technologies, claims more than 2,000 customers in 30 countries, including major European banks Societe Generale and ING, as well as Samsung, SK Telecom of South Korea and BT, the British telecommunications giant.

Its clients also include the FSB, a successor to the KGB that “cultivates and co-opts criminal hackers” who carry out ransomware and phishing attacks, the Treasury Department said. The U.S. said big conventions hosted by Positive Technologies are “used as recruiting events” by the FSB and the GRU, Russia’s military intelligence agency.

GRU agents are the swashbucklers of Russian intelligence. The agency stands accused of spearheading the hack-and-leak operation that interfered in the 2016 U.S. presidential election to favor Donald Trump. Its agents also conducted the most damaging cyberattack on record, the runaway 2017 NotPetya virus that did more than $10 billion in global damage, its victims including the shipping giant Maersk and pharmaceutical company Merck.

The CEO of the software industry-supported Internet Research Institute in Moscow, Karen Kazaryan, said he was not familiar with most of the Russian IT companies sanctioned on Thursday. But Positive Tech is well-known in the industry for its annual Hack Days conference, which is scheduled for May 20-21 at a Moscow hotel.

Former CIA analyst Michael van Landingham applauded the naming and sanctioning of Russian IT companies known to have aided and abetted malign government activity.

“Naming specific companies can create incentives for educated and skilled Russians who might be able to obtain jobs elsewhere where they don’t support Russian state hacking,” he said.

Advertisement. Scroll to continue reading.

Positive Tech’s specialty is identifying vulnerabilities in popular software such as Microsoft’s Windows operating system. The world’s intelligence agencies regularly lean on companies like it not to disclose potent vulnerabilities publicly when they find them but to instead quietly share them for hacking adversaries’ networks.

The U.S. did not accuse Positive Technologies of any such behavior and the Treasury Department declined to answer questions about the company’s activities beyond a press release.

Microsoft would not offer details on the the company’s business relationship with Positive Tech but did say it would comply with the sanctions. Spokesmen also said the company was removing Positive Tech from a list of more than 80 security software providers to which it gives early access to vulnerability information so they can make sure their customers get patches quickly. IBM also lists Positive Technologies as a security partner, offering customers one of its scanning tools.

IBM didn’t respond to requests for comment Thursday. Neither did U.S. tech companies HP and VMware, which Positive Technologies lists as technology partners.

On its website, Positive Technologies lists Russia’s Defense Ministry as among its first major clients, in 2004 when it was two years old with just 11 employees. It claimed more than 800 employees in 2018.

Russia’s biggest business database lists the company’s CEO and founder as Yury Maximov, about whom little is known other than he graduated from Moscow State University. The company did not respond to questions sent to press contacts on its website.

Positive Tech’s website boasts of a number of accomplishments, such as providing cybersecurity for the 2018 soccer World Cup hosted by Russia and publishing data that same year on 30 high-risk vulnerabilities. It said it opened its first international office in London in 2010 and its first U.S. office in 2012.

The company has sometimes used Framingham, Massachusetts, as its U.S. location in news releases, though it’s not recorded in city or state records as a business by that name. An office building with an address linked to the company is a co-working space that can be rented on flexible terms for “one person or more.”

Market research firm IDC listed Positive Technologies as one of the fastest-growing companies in security and vulnerability management in 2012, in part because it was so small at the time, growing nearly 82% year-over-year to $30 million in worldwide revenue. Nearly all that revenue came from assessing vulnerabilities. But by 2015, its worldwide revenues fell 37.6% to $26.5 million, according to IDC, which eventually stopped tracking the company.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...