The U.S. Department of the Treasury has sanctioned 12 Kaspersky Lab employees holding executive and leadership roles in the firm, citing “continued cybersecurity risks.”
That might lead to personal information stored on devices with the company’s antivirus software getting into the hands of Russian authorities, the commerce department said.
The sanctioned individuals include four members of Kaspersky’s board of directors, including the chief business development officer, chief legal officer, and chief operating officer. The CEO wasn’t sanctioned.
“As a result of today’s action, all property and interests in property of the designated persons described above that are in the United States or in the possession or control of U.S. persons are blocked and must be reported to OFAC,” the Treasury said.
“In addition, any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked.”
The sanctions prevent U.S. citizens or those within the United States from engaging in any transactions that involve the property of the sanctioned individuals.
“Neither Kaspersky nor its management team has any ties to any government, and we consider the allegations quoted by the OFAC as pure speculation, which lacks concrete evidence of a threat posed to U.S. national security,” the firm said.
“None of the listed members have any ties to the Russian military and intelligence authorities or have anything to do with the Russian government’s cyber intelligence objectives.”
Brian E. Nelson, the undersecretary of the Treasury for terrorism and financial intelligence, justified the sanctions against Kaspersky leadership, saying it shows the department’s commitment to maintaining the integrity of the U.S. cyber domain and to protecting citizens from “malicious cyber threats.”
Kaspersky Threat
In the action against Kaspersky, the Commerce Department found that Kaspersky has the ability to install malicious software on its customers’ computers or to selectively deny updates. That could leave American citizens and U.S. critical infrastructure vulnerable to malware attacks, the agency’s bureau of industry and security said.Kaspersky’s software also is integrated into third-party products and services. As such, people who use third-party products could unknowingly introduce Kaspersky’s programs into their devices or networks, thus potentially compromising personal data, the bureau stated.
Kaspersky has said it has implemented “significant transparency measures” to ensure the firm’s trustworthiness, and that its measures are “unmatched” by any of its peers in the cybersecurity industry.
The Commerce Department’s ban “unfairly ignores the evidence,” Kaspersky said. “The company intends to pursue all legally available options to preserve its current operations and relationships.”
The German agency warned at the time, “In the context of the war that Russia is waging against Ukraine, a Russian IT manufacturer could itself carry out offensive operations, or be forced against its will to attack target systems, or be spied on as the victim of a cyber operation without its knowledge, or be misused as a tool for attacks against its own customers.”