EU Slaps First-Ever Cyber-Attack Sanctions on Russian, Chinese, North Korean Hackers
A total of six persons and three entities have made the Union’s first cyber-attack sanction list.
Hackers connected with the governments of Russia and China have become the targets of the European Union’s first ever sanctions over cyber-attacks.
The new EU sanctions announced on Thursday by the Union’s European Council are directed at Russian and Chinese individuals as well as a Russian intelligence agency, a Chinese technology company, and a North Korean export firm.
A total of six persons and three entities have been sanctioned by the EU over various politically motived cyber-crimes.
These include major cyber assaults known by the nicknames “WannaCry”, “NotPetya” and “Operation Could Hopper”, and a hacking attempt against the Organization for the Prohibition of Chemical Weapons (OPCW), an intergovernmental organization.
The sanctioned organizations are a specialist unit of Russia’s military intelligence agency, the GRU, a technology company based in China’s fourth-largest city, Tianjin, and an export firm from North Korea.
The sanctions imposed include an EU travel ban, an asset freeze in any areas under EU jurisdiction, and a ban preventing EU persons and entities from making funds available to those listed.
“Sanctions are one of the options available in the EU’s cyber diplomacy toolbox to prevent, deter and respond to malicious cyber activities directed against the EU or its member states, and today is the first time the EU has used this tool, the European Council said in a statement, adding that EU legal framework for against cyber-attacks was adopted in May 2019 and recently renewed.
“Since 2017, the EU has put in place a comprehensive cyber diplomacy toolbox to prevent, deter and respond to malicious behavior in cyberspace,” said EU High Representative on foreign and security policy Josep Borrell.
“One of its tools is the EU autonomous cyber-sanctions regime, adopted in 2019, which makes it possible to apply restrictive measures to persons and entities involved in significant cyber-attacks threatening the EU or its member states, regardless of nationality or the location of the perpetrator,” he added.
The best known of the entities sanctioned for the first time for cyber-attacks by the EU is the Main Centre for Special Technologies, a unit of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU).
The unit, based on Kirova Street in Moscow, is said to have carried out attacks known as NotPetya and EternalPetya in June 2017, hitting EU private companies with ransomware and blocking data.
The sanctions list also accuses GRU agents of carrying out an attack on the Ukrainian power grid in the winters of 2015 and 2016 leading to partial shutdowns.
Four alleged Russian GRU agents, which include two “human intelligence support” officers and two “cyber operators” – are also sanctioned by the EU – for their roles in the April 2018 attempt to penetrate the OPCW agency in The Hague.
The attack occurred after the OPCW was investigating reports that Russian-backed Syrian forces carried out chemical attacks.
Alleged GRU agents were intercepted trying to penetrate the agency’s wireless Internet connection from a hire car parked near its headquarters.
“With these sanctions, the EU is taking a big step towards safer cyber space. The price for bad behaviour is being increased, because the bad guys still get away with it too often,” said Dutch Foreign Minister Stef Blok, as cited by AFP.
“Now the EU shows that it can take effective action against these and other malicious parties,” he said.
Another entity targeted by the Union’s cyber-attack sanctions is Tianjin Huaying Haitai Science and Technology Development Company Ltd, which is said to be the actor known to cyber war observers as “Advanced Persistent Threat 10” or APT10.
Haitai is said to have been the source of “Operation Cloud Hopper”. According to the European Council, it “targeted information systems of multinational companies in six continents … and gained unauthorised access to commercially sensitive data, resulting in significant economic loss”.
Another target was Chosun Expo, an export company from North Korea which, under the “WannaCry” banner, is said to have helped hack the Polish Financial Supervision Authority and Sony Pictures Entertainment.
It is alleged to have carried out cyber-theft from the Bangladesh Bank and attempted cyber-theft from the Vietnam Tien Phong Bank.
(Banner image: Josep Borrell on Twitter)