US Gov Adds Kaspersky to the Entity List 27 Months after it Was Added to the Covered List

• The US government has banned all products from Kaspersky Lab, a subsidiary of its Russia-based parent company, and has sanctioned 12 of its executives.
• The decision comes 27 months after Kaspersky Lab was added to the Federal Communications Commission’s Covered List in March 2022.

A day after the US Department of Commerce’s Bureau of Industry and Security (BIS) banned cybersecurity company Kaspersky LabOpens a new window , the Department of the Treasury’s Office of Foreign Assets Control (OFAC) instituted sanctions on 12 executives of the Russia-linked company.

Citing national security concerns, the ban prohibits the “resale of Kaspersky cybersecurity or anti-virus software, integration of Kaspersky cybersecurity or anti-virus software into other products and services, or licensing of Kaspersky cybersecurity or anti-virus software for purposes of resale or integration into other products or services” in the United States, and will take effect beginning on July 20, 2024. End users, including US citizens and businesses, will still have access to the Kaspersky Security Network through September 29, 2024. After 12:00 AM on September 29, the company can no longer provide updates to anti-virus signatures or the codebase to “any US person’s information technology system.” These antivirus and other cybersecurity software updates are essential for keeping threat actors at bay, as they impart the latest malware identification libraries, a lack of which effectively renders them useless.

Kaspersky Lab was added to the FCC’s covered List in March 2022, alongside China Mobile and China Telecom. Inclusion in the Covered List prevents US persons and businesses from purchasing equipment from entrants, which also include Huawei, ZTE, Hytera Communications, Hangzhou Hikvision Digital, Dahua Technology, Pacific Networks, and Pacific Unicom.

However, AO Kaspersky Lab, OOO Kaspersky Group (Russia), and Kaspersky Labs Limited (United Kingdom) have been added to the Entity List as part of the sanctions “for their cooperation with Russian military and intelligence authorities in support of the Russian Government’s cyber intelligence objectives.”

Secretary of Commerce Gina Raimondo said, “Russia has shown time and again they have the capability and intent to exploit Russian companies, like Kaspersky Lab, to collect and weaponize sensitive US information, and we will continue to use every tool at our disposal to safeguard US national security and the American people.”

See More: US Government Sanctions Cybercrime Network Using Free VPN Services for Proxy Botnet

Meanwhile, the sanctions on Kaspersky executives, which curiously omit co-founder and CEO Eugene Kaspersky from the list, prohibit all individuals and businesses in the US from conducting business with any of the dozen executives.

The list includes COO and board member Andrei Gennadyevich Tikhonov, chief legal officer (CLO) and board member Igor Gennadyevich Chekunov, CTO Anton Mikhaylovich Ivanov, head of Kaspersky OS business unit Andrei Anatolyevich Suvorov, VP and director of Future Technologies Igor FDukhvalov, and others.

Sanctioned Kaspersky Executives

Source: Department of Treasury

Kaspersky,  which has grown since its founding in 1997 to operate across 31 countries and provides cybersecurity and anti-virus products and services to over 400 million users and 270,000 corporate clients in over 200 countries, dismissed the ban, stating it is based on theoretical claims motivated by geopolitical tensions.

“Kaspersky does not engage in activities which threaten US national security and, in fact, has made significant contributions with its reporting and protection from a variety of threat actors that targeted US interests and allies. The company intends to pursue all legally available options to preserve its current operations and relationships,” Kaspersky Lab stated.

Meanwhile, CEO Eugene Kaspersky took to his blog post to express his disapproval of the US government’s actions, calling them based on meritless accusations. “I guess the good news is that US government sales have not been a significant part of the company’s activity in North America. So, while unfortunate, we’ll continue to keep our focus on protecting our real customer base, enterprises and consumers,” Kaspersky wrote.

Editor’s note: Article has been updated to clarify that Kaspersky cannot sell cybersecurity products or services in the US beginning July 20, 2024. We incorrectly reported that end users could not use products or services on that date. US users will no longer have access to the Kaspersky Security Network, which includes anti-virus signature updates and codebase updates, after 12:00 AM Eastern on September 29, 2024.

MORE ON CYBERSECURITY SANCTIONS

• Exposed and Condemned: Russian Lockbit Ransomware Ringleader Revealed, Indicted, Sanctioned, and Banned
• TikTok One Step Closer To Getting Banned in the US After Senate Passes Bill
• U.S. FTC Votes to Ban Non-Compete Agreements, Faces Legal Challenges