The Biden administration announced sanctions against 12 executives and senior leaders of Kaspersky Lab, a Russia-based cybersecurity company, on Friday. The announcement comes on the heels of the Commerce Department’s ban on the sale of Kaspersky’s antivirus software in the US, citing national security concerns.
“Today’s action against the leadership of Kaspersky Lab underscores our commitment to ensure the integrity of our cyber domain and to protect our citizens against malicious cyber threats,” said Brian E. Nelson, Under Secretary of the Treasury for Terrorism and Financial Intelligence, in a statement. The sanctions make it harder for these individuals to start businesses in the US. As TechCrunch notes, CEO and founder Eugene Kaspersky is not on the list of sanctioned individuals, nor is the company itself.
On Thursday, the Commerce Department banned Kaspersky from conducting new business in the US. The ban also prohibits existing users of Kaspersky’s antivirus software from downloading software updates. Those using Kaspersky’s software have until September 29th to find alternatives. In a press release, the Commerce Department urged anyone using Kaspersky software to “expeditiously transition to new vendors to limit exposure of personal or other sensitive data to malign actors due to a potential lack of cybersecurity coverage.”
The individuals sanctioned by the Treasury Department include members of the boards of directors of Kaspersky Lab and Kaspersky Group. The Commerce Department placed Kaspersky’s US, Russian, and United Kingdom operations on its Entity List over their “cooperation with Russian military and intelligence authorities in support of the Russian government’s cyber intelligence objectives.”
In 2017, The Wall Street Journal reported that Russia stole classified information from the personal computer of a government contractor. The contractor, who was working with the National Security Agency, had improperly stored the files on his personal computer, on which Kaspersky’s antivirus software was installed. In a statement to The New York Times, Kaspersky denied knowledge of or involvement in the incident. Later that year, the Department of Homeland Security forbade all federal agencies from using Kaspersky products on government servers.