EU Issues First Sanctions for CyberattacksRussian, Chinese, North Korean Individuals and Entities Cited
The European Union has imposed its first sanctions against individuals and entities from Russia, China and North Korea for their alleged roles in hacking activities and cyberattacks that have targeted EU citizens and organizations.
The sanctions announced Thursday include travel bans and asset freezes against six individuals and three entities associated with cyberattacks and security incidents, according to the European Council, which defines and enforces the EU's overall political direction and priorities.
EU citizens and businesses are also now forbidden to engage in any transactions with the individuals or entities named in the sanctions report.
The European Council first adopted the legal framework to bring sanctions against individuals and organizations associated with nation-state cyberattacks in May 2019, but this is the first time this law has been enforced, according to a statement.
"Sanctions are one of the options available in the EU's cyber diplomacy toolbox to prevent, deter and respond to malicious cyber activities directed against the EU or its member states, and today is the first time the EU has used this tool," according to the European Council.
The first set of sanctions imposed by the European Council is targeted against two Chinese nationals and one company for their role in a series of attacks that is referred to as Cloud Hopper, which targeted six major cloud service providers starting in 2016 (see: Cloud Hopper: Major Cloud Services Victims Named).
As part of the sanctions, the European authorities note that the two Chinese nationals, Gao Qiang and Zhang Shilong, belonging to a hacking group known as APT10, and a company called Tianjin Huaying Haitai Science and Technology Development Co. helped facilitate the Cloud Hopper attacks.
The second set of sanctions names four Russian nationals who the European Council accuses of targeting the Organization for the Prohibition of Chemical Weapons in the Netherlands, in 2018. The Netherlands General Intelligence and Security Service, along with several other European intelligence agencies, stopped the attack from progressing.
The four Russian nationals who are suspected of trying to carry out the attack and who now face sanctions include: Alexey Valeryevich Minin, Aleksei Sergeyevich Morenets, Evgenii Mikhaylovich Serebriakov and Oleg Mikhaylovich Sotnikov. All four are also suspected of belonging to Russia's Main Intelligence Directorate, commonly referred to as the GRU, which serves as the military intelligence division of Russia's armed forces, according to the European Council.
The third set of sanctions was levied against a division within the GRU called Unit 74455, which is also referred to as Sandworm. The European Council believes that this group is responsible for the NotPetya ransomware attacks of June 2017 (see: Police in Ukraine Blame Russia for NotPetya).
While NotPetya is believed to have mainly targeted businesses and organizations in Ukraine, which is not part of the EU, the European Council notes that the incident "rendered data inaccessible in a number of companies in the European Union, wider Europe and worldwide, by targeting computers with ransomware and blocking access to data, resulting in significant economic loss."
The fourth set of sanctions targets the North Korean company Chosun Expo, which the European Council alleges helped facilitate the WannaCry ransomware attacks of 2017.
This ransomware attack, which affected organizations around the world, is believed to have been conducted by the North Korean hacking group Lazarus (see: Is WannaCry the First Nation-State Ransomware?).
In September 2019, the U.S. Treasury Department sanctioned Lazarus and two subgroups for their alleged role in WannaCry. The sanctions blocked the hacking groups from accessing any property within the United States, and banned U.S. citizens from doing any type of business with the groups (see: US Sanctions 3 North Korean Hacking Groups).