Russian infosec firm Positive Technologies trying to stay positive after US sanctions
Positive Technologies has hit back at the US government’s “groundless accusations” that it helped the Russian state carry out cyber attacks against the West – by highlighting how “government agencies of different countries” use its products.
Yesterday the US Treasury declared that Positive was selling weaponised infosec tech to the Russian government and ran recruiting events for state hacking agencies, which some Western news outlets have interpreted as meaning the company’s flagship Positive Hack Days events.
Rejecting all this in a lengthy statement posted to its website this afternoon, Positive said: “Our global mission is to create products and technologies to improve cybersecurity around the world and to ensure conditions for the most efficient prevention of cyberattacks for the benefit of society, business, and government agencies.”
It also highlighted how “the government agencies of different countries” use its infosec products, a statement that might not be as reassuring as the company hopes if the US denunciation of it is taken at face value.
Positive specialises in mobile network security – a sensitive area likely to be of great interest to any government, let alone one keen on using newly discovered exploits as weapons. Russian digital aggression over the years is well known, while Western reactions to non-Western companies operating on their turf were brought into sharp focus with the anti-Huawei drive over the past few years.
The MIT Technology Review alleged, citing “previously unreported US intelligence assessments” it had apparently seen, that Positive “develops and sells weaponised software exploits to the Russian government.” No proof was offered to back up this claim, much like how the US government strenuously insisted that Huawei was a weaponised arm of the Communist Chinese state.
One could compare Positive to FireEye: both companies are good at what they do and both enjoy close working relationships with their home governments. With Americans now banned from doing business with Positive, it’s unclear whether the company’s research into Intel and VMware vulns (with a report into the latter being published only this week) will continue to be publicly disclosed.
Positive has a fair-sized presence in the UK; for instance, it listed Sky Mobile, a British MVNO, as a customer. Sky Mobile operates across O2’s infrastructure. None of Britain’s four main mobile network operators responded, however, when we asked yesterday if they used Positive’s products in their networks.
Tony Cole, CTO of Attivo Networks and an Obama-era US cybersecurity policy official, told The Register that the wider effects of the sanctions against Russia were likely to be “minimal” in the short term.
He said: “The impact from all the actions taken by the US government [is] undetermined at this point in time. Although the actions are badly needed by the US and its allies to hopefully counter Russian aggression, many past efforts, sanctions, and plans, have had little impact. Actions by Russian and Chinese state based actors or their proxies (and other nations) have been taking place for many years and efforts in the past to counter them have stuttered, stalled, or just completely failed. A close-knit global effort is required to have an impact on these government actors and entities to stop their IP theft, meddling in elections, and compromising critical infrastructure.”
“Unless we are willing to make them an island via isolation,” he continued, referring to Russia, “these types of actions will likely continue. The effort from the US government should be applauded for calling them out, however the impact may end up being minimal.”
Although the UK and Canada joined America in ticking off Russia for carrying out the SolarWinds attack via the APT29 state-backed hacking crew (aka Russian intelligence), neither Commonwealth nation imposed formal sanctions on the firm. For now, at least, there’s still something for Positive to be positive about.
Read the original article by Gareth Corfield on The Register.