The Trump administration on Thursday imposed fresh sanctions on Russian government hackers and spy agencies to punish Moscow for interfering in the 2016 presidential election and for a cyberattack against Ukraine and other countries last year that officials have characterized as “the most destructive and costly” in history.
Sanctions also were imposed on individuals known as “trolls” and the Russian organizations — including the Internet Research Agency — that supported their efforts to undermine the election. Additionally, the administration alerted the public that Russia is targeting the U.S. energy grid with computer malware that could sabotage its systems.
Taken together, the moves represent the administration’s most aggressive actions to date against Russia for its incursions against the United States, though analysts say their impact is mostly symbolic and noted that a number of the individuals and groups had already been subject to sanctions. Nonetheless, officials hope the actions will help deter tampering with this year’s midterm elections while signaling to Russia that Washington will not allow its attacks to go unchallenged.
“The administration is confronting and countering malign Russian cyber activity, including their attempted interference in U.S. elections, destructive cyberattacks, and intrusions targeting critical infrastructure,” Treasury Secretary Steven Mnuchin said in a statement. “These targeted sanctions are a part of a broader effort to address the ongoing nefarious attacks emanating from Russia.”
The sanctions stand in contrast to President Trump’s personal reluctance to blame the Kremlin for its interference in the 2016 presidential race despite the U.S. intelligence community’s conclusion that Moscow did so.
They come after the United States, France and Germany joined Britain in denouncing Russia for a brazen poison attack that has left a former Russian spy and his daughter comatose in a Salisbury, England, hospital. On Wednesday, Britain expelled 23 Russian diplomats in retaliation.
The outgoing head of the National Security Agency and U.S. Cyber Command has warned that if the United States does not take punitive or deterrent action against Russia, its malicious activity will continue.
Those targeted by the new sanctions may not travel into the United States, and all their assets under U.S. jurisdiction are frozen. U.S. individuals are barred from engaging in transactions with them. Mnuchin said his department intends to impose additional sanctions to hold Russian officials and oligarchs “accountable for their destabilizing activities by severing their access to the U.S. financial system.”
Russia’s deputy foreign minister, Sergei Ryabkov, told the Interfax news agency Thursday that Moscow was prepared for the new round of sanctions. He dismissed them, saying they are part of a U.S. effort to destabilize Russia’s presidential election on Sunday. Moscow will craft a response, he said.
In all, the new sanctions target 19 people and five organizations — though six of the people and four of the groups had been previously hit with sanctions, most under the Obama administration. Many were indicted last month by special counsel Robert S. Mueller III, who is investigating Russian interference in the 2016 U.S. election and whether the Trump campaign coordinated with the Kremlin to sway the race’s outcome. Mueller accused 13 individuals and three entities of spreading propaganda using social media and other means, with the goal of sowing discord.
[Russian troll farm, 13 suspects indicted in 2016 election interference]
A separate set of sanctions was imposed on two Russian spy agencies. Officials said the FSB, a successor to the KGB, used its cyber tools to target U.S. government officials, including cybersecurity, diplomatic, military and White House personnel. The other is the GRU, a military spy organization, which officials said was “directly involved in interfering in the 2016 U.S. election” through cyber activities.
Those sanctions mark the first use of a law Congress passed in June to, among other things, punish Russia for its election-year interference. Trump, after balking, finally signed the law but issued two statements saying that he believed the legislation was “seriously flawed.” In January, as the law required, the administration released a widely anticipated report on Russian oligarchs, but it was dismissed by critics in Congress and by former Obama administration officials as a “cut and paste” job from open sources with no substance to it.
The GRU also was behind a June 2017 cyberattack, delivered through a mock ransomware virus dubbed NotPetya, that wiped data from the computers of banks, energy firms, senior government officials and an airport. On Thursday, the U.S. government imposed sanctions on the GRU and six of its senior officials in response to that attack.
NotPetya hit systems in Ukraine the hardest and was viewed as an effort to disrupt that country’s financial system amid its ongoing war with separatists loyal to the Kremlin. U.S. companies, including shipping giant FedEx and the pharmaceutical firm Merck, also were affected, losing hundreds of millions of dollars in earnings. To date, the attack has cost companies around the world $1.2 billion in revenue, according to the cybersecurity firm Cybereason. One U.S. official put the toll at $10 billion.
“Today’s announcement is largely a name-and-shame exercise to show the Kremlin that the United States is closely following what it is doing,” said Andrew Weiss, a Russia expert at the Carnegie Endowment for International Peace. “Given that deniability is a key part of the Russian playbook, there’s a question about whether that works. So far the pattern is not great. We keep seeing bad behavior by Moscow.”
The sanctions “have no bite,” said Michael Carpenter, a former Pentagon and White House official who worked on Russia policy. “Such narrowly targeted sanctions don’t impact Russia’s economy at all, and that seems to have been the administration’s intent. Russia’s intelligence services don’t exactly have retail bank accounts in the United States, and so this will have a negligible impact on their operations.”
Carpenter also decried the administration’s “mixed messaging strategy” in which “Cabinet-level officials have ventured forth to condemn Russia’s subversion of democratic institutions, but the president himself continues to refrain from personally saying anything negative” about his counterpart, Vladimir Putin.
Russia’s mounting aggression in cyberspace is part of a larger “hybrid warfare” strategy that marries traditional military means with digital tools to achieve its goal of regional dominance.
The Treasury Department noted that it continues to pressure Russia over its ongoing efforts to destabilize Ukraine and occupy Crimea, as well as its “endemic corruption and human rights abuses.” To date, officials said, the administration has imposed sanctions on more than 100 individuals and entities under authorities specific to Ukraine and Russia.
Eric Rosenbach, a senior Pentagon official in the Obama administration, said it was “extremely important” to impose sanctions on Russia in response to the NotPetya attack. “The United States cannot stand by and watch the Russians use Ukraine as a cyber test range for destructive malware that then proliferates,” said Rosenbach, now director of the Defending Digital Democracy Project at Harvard University’s Belfer Center.
The six GRU officials targeted for sanctions are Chief Igor Korobov, First Deputy Chief Igor Kostyukov, Deputy Chief Sergey Gizunov, First Deputy Chief Vladimir Alexseyev and senior officials Sergei Afanasyev and Grigoriy Molchanov.
The two spy agencies and five of the GRU officials were sanctioned in December 2016 by the Obama administration. Those efforts have yielded little fruit. To have impact, the sanctions need to target the financial sector, said Carpenter, now senior director of the Penn Biden Center for Diplomacy and Global Engagement. “Applying ‘blocking sanctions’ on just one of Russia’s top banks would have an immediate and consequential effect,” he said, by barring all transactions with that bank through the Western financial system.
In a separate move, the Department of Homeland Security and the FBI are warning the public about Russian attempts since at least March 2016 to compromise the energy sector and other critical industries, including water, aviation, critical manufacturing and energy. Accompanying the alert are malware “indicators” to help companies detect Russian intrusions.
The joint alert “is a wake-up call” for industry and “a reminder that . . . our defense needs to constantly evolve,” said Amit Yoran, a former DHS official and now chief executive of Tenable, a cybersecurity firm.
Matthew Bodner in Moscow contributed to this report.