Russia Bypassing Sanctions: the Chimmed-Rusmedtorg Scheme

It all started with an email popping into our mailbox underyournoz@protonmail.com.

As OSINT enthusiasts, and sheer believers that our action can contribute to stopping war horrors, we’d decided from the start of our journey to call for help without the intimate conviction that someone would one day contact us. Or at least we thought it could take some times, maybe years.

But it came, sooner than we expected. In late January, someone who didn’t identify himself at first, a whistleblower of some sort we’ll call Nostril, had contacted UnderYourNoZ among other OSINT groups and investigation news outlets to denounce a Russian pharmaceutical company based in Moscow named Chimmed (INN: 7724709468 and KPP: 772401001). The email stated: “How Chimmed bypass US sanctions”.

Source: https://www.opensanctions.org/entities/NK-fjWkU8ugJuP9iDW5V2wcQc/

While our first reaction was doubt and mistrust, we decided to look into the material and do what we had to. We’ll present our findings and how we primarily assessed these documents in the second part of this article. This step was crucial before taking any decision to publish.

Chimmed is a Russian firm specialized in the production and sale of pharmaceuticals and chemicals. It is based in Moscow and more precisely at 9/3 Kashirskoe Highway, Moscow, 115230. Legal address is 115230, Moscow, Kashirskoe shosse, building 3, building 2, building 4/9 on the territory of the Sirius Park Business Center.

Chimmed official website

Pharmaceutical? How is that related to war effort you would say? Well, Chimmed is officially sanctioned since June 2024 for “prohibition/restriction” and also “due to suspicion of developing chemical weapons”. Indeed, Chimmed and “its affiliates procure U.S.- and Western-origin equipment and consumables for Russian entities connected to the country’s biological and chemical weapons programs” according to a statement by the U.S. Treasury.
Despite of that matter, the documents (emails, invoices) shared by Nostril helped to understand how the Russian industry, through front companies and intermediaries, keeps importing Western goods essential to the Kremlin’s war effort in Ukraine. Our job was then to connect the dots and use OSINT craft to assess the reliability of the material transmitted by Nostril.

And to reveal to the public what other official entities decided not to investigate upon as Nostril tried without success to appeal to European decision-makers.

The general scheme: when Chimmed becomes Rusmedtorg

The documents now in our possession highlight the ability of Russian companies to keep business afloat in spite of sanctions while their army keeps shelling the neighboring country. How do they do so? First bout is for Chimmed to close deals with dozens of Chinese and Indian intermediaries to obtain Western pharmaceutical products through indirect means. Some examples of these companies include the Chinese company Puretek Instrument and the Indian companies Synzeal or Chromatography World. No surprise here has some may consider them friendly countries to Russia but there’s more. Western suppliers are indirectly accomplice, including well-known firms such as U.S. company Thermo Fisher. Its products end up in the hands of Russian entities linked to the military through the proxy firms they are dealing with.

Source: https://labstore.ru/en/promotion/kompaniya-rusmedtorg-predlagaet-oborudovanie-thermo-fisher-scientific-so-sklada-v-moskve/

In more details, the ingenious process is as follows: the Chinese and Indian companies directly import Western products but can’t trade directly with Chimmed without facing retribution because it is under sanctions. So here comes the second maneuver: the commercial documents (invoices,
quotes) are edited by Chimmed employees in the name of a front Russian company named Rusmedtorg (INN: 7727218122 and KPP: 771601001).

Source: https://www.opensanctions.org/entities/NK-JXDfZvkKiFKtJ2fD7gAQwH/

The latter specializes in the trade of pharmaceutical products and medical devices — rings a bell? According to Russian public registers, Rusmedtorg was registered in 2013 and is located at 129327, Moscow, yes. Lenskaya, d2/21, pom. III, komn. It reported a turnover of 3.2 billion rubble in 2023,
a very strong increase of 83% since 2020. War pays good money. Moreover, Rusmedtorg also owns branches in Kazan and Novosibirsk like another Russian company: Chimmed. These two have a cooperation contract and are basically the same company. In fact, Rusmedtorg has joined
Chimmed under US sanctions later in the year 2024.

Our research detected a very low digital presence: a Telegram channel (495 subscribers) and a Vkontake account were identified, few employees (we’ll detail that in another article) and yet an important activity in the conference rooms.

Nostril provided solid evidence of the circumvention of international sanctions. Everything could have stay under the radar until Chimmed and its intermediaries started to make mistake, being cocky, reckless or simply careless. In May 2023, a Chimmed employee named Ruslan, using the
email address miroshnikov@chimmed.ru, sent back a contract in the name of Rusmedtorg to his counterpart Gracy Zhou from the Chinese company Ningbo Long Victory International for Thermo Fisher products.

Screenshot from email provided by Nostril

Gracy Zhou specified to Ruslan that the cooperation contract between his company Ningbo Long Victory International and Chimmed needed to be chopped from the “Rusmedtorg” mention.

Screenshot from email provided by Nostril

Moving forward to October 2023. A quotation draft for buying a drug called Bisoprolol was issued from the Indian company SynZeal and the recipient was supposed to be “RUSMEDTORG”. But looking closely, one can read that the contact, Mrs. Shabanova, uses an email address with a domain name belonging to Chimmed: shabanova@chimmed.ru. Two companies, one same employee?

The mistake was to be repeated. Still in October 2023, Mumbai’s Chromatography World issued an invoice to Rusmedtorg LLC but pointed to an “email id” belonging to Chimmed: sobolevd@chimmed.ru.

The Chromatography World invoice

In February 2024, as the second anniversary of the brutal invasion of Ukraine was coming closer, Rusmedtorg was still trading with its suppliers on behalf of Chimmed without being affected by sanctions. An invoice for Trajan ferule from the Chinese company Puretek was issued to Rusmedtorg with all payment details but the phone number “+7 499 682–65–55” of the person in charge, Romain Dubovitskiy, is actually related to Chimmed. The link can easily be established with a simple online query.

The Puretek Invoice

How did UnderYourNoZ assessed the reliability of the documents?

We unveiled to you the general strategy set by Chimmed to keep its business running in the middle of the most violent conflict Europe has witness in the last 40 years. But one might ask how could UnderYourNoZ be sure about the veracity of the Chimmed-Rusmedtorg files? We used OSINT. We dove into the metadata of the files transferred by Nostril.

It allowed access to basic information such as the subject and email address but also other valuable details.

The first email sent from rmedtorg.ru domain does use a Russian IP address (89.108.122.231), suggesting that the sender is likely located in Russia or using a Russian server with Roundcube Webmail/1.4.11. Using the criminalip.io platform, we can identify that this IP address has two open ports redirecting to a mail server that does belong to rusmedtorg.ru.

Source: criminalip.io

It appears that Shanghai Honest Chem Co. uses Alibaba Cloud, based on a reference to aliyun.com.

The other emails sent from Chimmed use a different Russian IP address (46.148.206.226) and run on a Thunderbird mail server in a Windows 10 environment.

Source: criminalip.io

Source: criminalip.io

 

 Table of contents

> Whistleblower
> The general scheme 
> Documents' reliability
> What's next?