Extreme Networks fesses up to selling kit to Russian hypersonic missile maker
Buyer Avangard's ordnance has reportedly been used against Ukraine
Extreme Networks has admitted to breaching sanctions on Russian businesses by selling some of its products to a company that was sanctioned following Russia's 2014 illegal occupation of Crimea.
In a regulatory filing the networking vendor admitted that a former employee who now works for a Russian distributor sold Extreme's products to a Russian company called MMZ Avangard that was first sanctioned after Russia seized Crimea from Ukraine in 2014 and was named on a list of companies on which the USA imposed further restrictions after the illegal invasion of Ukraine.
Avangard is the name of Russia's hypersonic missiles, which are thought to have been used against Ukraine during the ongoing illegal invasion. In June, Russian newswire TASS reported a second missile regiment armed with the weapons was to assume combat ready status.
Extreme Networks' filing offers the following three-point explanation of the situation:
- The sanctioned company was an indirect customer of a networking business, which Extreme acquired from another company in July 2017.
- Through Extreme's investigation, the Company found that DEMZ was a front business for MMZ Avangard, a subsidiary of a Russian military contractor.
- From 2018 through 2021, a Russian distributor ordered Extreme products for different partners who made orders on behalf of DEMZ, which transferred Extreme's products to MMZ Avangard. The former employee continued to perpetuate this scheme upon going to work for the distributor after being terminated by Extreme for performance issues.
Extreme Networks did not spot the transactions described above. Newswire Reuters learned of the transactions and informed the networking company. Reuters's account of the situation indicates that internal concern at Extreme Networks regarding the transactions was disregarded.
Extreme Networks has notified US authorities of the incident, stated that it "continues to review these matters including whether current and former employees may have been involved" and pledged to "continue to be vigilant in implementing best in class export control processes and controls."
The company also revealed "The total figure of the misappropriated product sales over five years is currently estimated to be approximately $645,000" and comprised "legacy networking hardware used to enable network connectivity."
That a Russian defense contractor spent that much on very ordinary networking kit might be a tiny upside in this affair.
- Extreme Networks misses death-of-Flash deadline, suggests winding back PC clocks to keep its GUI alive
- China could use Digital Yuan to swerve Russia-style sanctions
- Samsung's Ukraine headquarters damaged by Russian missile strike
- UK hits Russia with British IT services ban
Reuters points out that, unlike other large networking vendors, Extreme Networks doesn't attach subscriptions to its products. That means Russian buyers feel safer acquiring its kit than from rival vendors that have tied their hardware to cloudy pricing schemes and services.
Extreme Networks shuttered its Russian operations in March 2022, so these sales predate the invasion of Ukraine and the company's sins are not recent.
But sins they are – albeit sins that can be hard to prevent when employees go rogue and bad actors step in to obfuscate transactions. But they're also avoidable sins: in 2015 The Register reported gray market resellers shipping kit from Dubai to Iran in contravention of sanctions, which we mention to point out that the risk of the channel going bad is not unknown or unforeseeable. ®