Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

EU Sanctions on Russian, Chinese ‘Cyber Attackers’

The European Union imposed its first ever sanctions against alleged cyber attackers on Thursday, targeting Russian and Chinese individuals and a specialist unit of Moscow’s GRU military intelligence agency.

An export firm based in North Korea and technology company from Tiajin, China, were also listed.

The European Union imposed its first ever sanctions against alleged cyber attackers on Thursday, targeting Russian and Chinese individuals and a specialist unit of Moscow’s GRU military intelligence agency.

An export firm based in North Korea and technology company from Tiajin, China, were also listed.

The member states said measures would be taken against six individuals and three entities involved in various actions, including the attempt to hack into the Organisation for the Prohibition of Chemical Weapons (OPCW).

They also included suspects said to be involved in the major cyber assaults known by the nicknames “WannaCry“, “NotPetya” and “Operation Could Hopper“. 

The individuals will be banned from travel to the European Union and all the targets will be subject to an asset freeze for any funds in areas under EU jurisdiction.

In addition, the European Council of member states said: “EU persons and entities are forbidden from making funds available to those listed.”

EU foreign policy chief Josep Borrell said the action had been taken “to better prevent, discourage, deter and respond to such malicious behaviour in cyberspace”.

These attacks, he said, represented “an external threat to the European Union or its member states” or had “a significant effect against third States or international organisations”.

Advertisement. Scroll to continue reading.

The best known of the targeted entities is the Main Centre for Special Technologies, a unit of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation — better known as the GRU.

This unit, based on Kirova Street in Moscow, is said to have carried out attacks known as NotPetya and EternalPetya in June 2017, hitting EU private companies with ransomware and blocking data.

The sanctions list also accuses GRU agents of carrying out an attack on the Ukrainian power grid in the winters of 2015 and 2016, resulting in parts of it being shut down.

Four alleged Russian GRU agents — two “human intelligence support” officers and two “cyber operators” — are also named, for their roles in the April 2018 attempt to penetrate the OPCW agency in The Hague.

The watchdog was investigating reports that Russian-backed Syrian forces carried out chemical attacks when alleged GRU agents were intercepted trying to penetrate the agency’s wifi from a hire car parked near its headquarters. 

“With these sanctions, the EU is taking a big step towards safer cyber space. The price for bad behaviour is being increased, because the bad guys still get away with it too often,” said Dutch foreign minister Stef Blok.

“Now the EU shows that it can take effective action against these and other malicious parties,” he said.

The other two entities targeted were Tianjin Huaying Haitai Science and Technology Development Company Ltd, said to be the actor known to cyber war observers as “Advanced Persistent Threat 10” or APT10.

Haitai is said to have been the source of “Operation Cloud Hopper“, which the European Council said “targeted information systems of multinational companies in six continents … and gained unauthorised access to commercially sensitive data, resulting in significant economic loss”.

Another target was Chosun Expo, an export company from North Korea which, under the “WannaCry” banner, is said to have helped hack the Polish Financial Supervision Authority and Sony Pictures Entertainment.

It is alleged to have carried out cyber-theft from the Bangladesh Bank and attempted cyber-theft from the Vietnam Tien Phong Bank.

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.