Treasury Department sanctions four Ukrainians allegedly involved in Russian influence attempts

The US Treasury Department announced sanctions against four Ukrainians accused of helping further Russian attempts to destabilize Ukraine and build support for an eventual invasion. 

The US claimed Russia “has directed its intelligence services to recruit current and former Ukrainian government officials to prepare to take over the government of Ukraine and to control Ukraine’s critical infrastructure with an occupying Russian force.”

The Treasury Department’s Office of Foreign Assets Control (OFAC) issued sanctions against Taras Kozak, Oleh Voloshyn, Volodymyr Oliynyk and Vladimir Sivkovich — four current and former Ukrainian officials the US said were involved in efforts to gather information and spread disinformation. 

Kozak and Voloshyn are both current members of the Ukrainian Parliament and Oliynyk is a former government official who fled to Russia. Sivkovich is the former Deputy Secretary of the Ukrainian National Security and Defense Council.

The sanctions mean any US property owned by the four is blocked and must be reported to OFAC. The four are also blocked from doing business in the US. The US worked with Ukrainian government officials on the sanctions. 

“The United States is taking action to expose and counter Russia’s dangerous and threatening campaign of influence and disinformation in Ukraine,” said Deputy Secretary of the Treasury Wally Adeyemo. “We are committed to taking steps to hold Russia accountable for their destabilizing actions.”

Kozak, Voloshyn, Oliynyk and Sivkovich are accused of working with Russia’s Federal Security Service on efforts to influence public opinion and create a climate in Ukraine that would make it easier for a new Russian-controlled government in Ukraine to operate and manage Ukraine’s critical infrastructure with an occupying Russian force. 

Both Kozak and Voloshyn are part of a political party led by Victor Medvedchuk, who has previously been sanctioned by the US for alleged efforts to destabilize Ukraine in 2014. Medvedchuk is closely tied to the Russian government, according to the Treasury Department. 

Kozak manages a number of news outlets in Ukraine and the Treasury Department noted that he was also involved in spreading misinformation about the 2020 US election in coordination with the FSB. Voloshyn has close ties to Konstantin Kilimnik, who was previously sanctioned by the US for his role in spreading misinformation about the 2020 US presidential election. 

Oliynyk is accused of helping the FSB gather information about Ukrainian critical infrastructure and currently lives in Moscow. According to the Treasury Department, Sivkovich worked with the FSB on a plot to “build support for Ukraine to officially cede Crimea to Russia in exchange for a drawdown of Russian-backed forces in the Donbas.” 

The US noted that the sanctions are only one part of the US effort to “inflict significant costs on the Russian economy and financial system if it were to further invade Ukraine.” 

The sanctions come one day after US President Joe Biden warned that there would be a response to the website defacements and cyberattacks conducted against Ukrainian government systems. 

“As in previous Russian incursions into Ukraine, repeated cyber operations against Ukraine’s critical infrastructure are part of Russia’s hybrid tactics to threaten Ukraine. The overall strategy is designed to pull Ukraine into Russia’s orbit by thwarting Ukraine’s efforts at Western integration, especially with the European Union (EU) and North Atlantic Treaty Organization (NATO),” the Treasury Department added.

“As Russia has pursued broad cyber operations against critical infrastructure, it has focused on disrupting one critical infrastructure sector in particular: Ukraine’s energy sector. Russia has also degraded Ukraine’s access to energy products in the middle of winter. Acting through Russia’s state-owned gas company Gazprom, Russia has repeatedly disrupted supplies to Ukraine—a vital transshipment country with pipelines to other European countries—due to purported disputes over gas pricing.”

LogPoint CTO Christian Have, who previously served as head of network security for the Danish National Police, told ZDNet that the recent cyberattacks against Ukraine were disruptive but not destructive to critical infrastructure or defense operations.

He called equating the recent cyberattacks to cyber warfare or advanced attacks “foolish” because no government services were disrupted. But the attacks, from a Russian perspective, were effective because they are a relatively low-cost, low-harm measure that would not provoke a harsh response yet send a clear signal about their cyber-capabilities.

The attacks also put pressure on Ukraine to reach some kind of new settlement in the ongoing political talks, he added.

But Have noted that the recent attacks could be a cover-up for something else like credential harvesting in preparation for a bigger attack later. He theorized that the attackers may have been harvesting login details and then defaced the websites when the operational objective was reached. 

“This is a tactic that has been used by Belarusian threat actors, that are suspected for involvement in the Ukraine attacks. They have previously used credential harvesting domains attempting to spoof legitimate webmail providers, generic login pages, and the legitimate websites of their targets,” Have said. 

“While the origin of the attacks is still not determined, Russia’s cyber capabilities are well-established, in particular under the umbrella of the Russian Foreign Intelligence Service (SVR) with notable APT campaigns such as APT 29, Cozy Bear, and the Dukes. We know that the Russian Federal Security Service (FSB) has expanded it’s mission to include foreign intelligence operations and offensive cyber security operations as well, with at least one known FSB-team focusing on penetrating energy-sector networks.”