EU targets Russian intelligence, Chinese, North Korean companies in first ever cybercrime-related sanctions batch
The European Union has imposed sanctions on six people and three entities, including a Russian military intelligence unit over their alleged involvement in various hacking activities, in the first ever such move from Brussels.
EU officials slapped the “Special Technologies” unit (GTsST) of the Russian military intelligence (also known as GRU) with sanctions, accusing it of being behind several high-profile cyber-attacks - including the infamous NotPetya virus that inflicted $10 billion worth of damage to the world economy in 2017.
The origins of that virus are still unclear. Yet, what is known for certain is that it targeted Russian companies just as it did foreign firms. This fact, however, never bothered any western officials blaming the NotPetya attack on Moscow.
Other supposed crimes allegedly committed by Russian intelligence include several attacks targeting Ukraine’s power grid in 2015 and 2016. While various cybersecurity experts confirmed the Ukrainian power grid was indeed targeted in cyberattacks, little is known about their origin. Some US experts, however, blamed them on the usual culprit - Russia - without providing any solid evidence.
The EU also linked the GTsST to the mysterious Sandworm hacking group. No conclusive evidence of the group’s existence has been presented to the public as of yet - though it has also been blamed for various attacks by Western media, including the very same NotPetya virus now used by the EU to impose sanctions on the GRU unit. Sandworm has also been accused of spying on NATO - and one journalist for the Wired tech website even wrote a book on its supposed activities.
The connection between the group and GRU was made by US spy agency NSA in a May press release. The NSA, which itself is infamous for its world-spanning secret surveillance activities, warned that the Sandworm hackers supposedly gained access to mail servers and took control of them. It did not provide any proof to substantiate its claims.
The EU also singled out four people it described as GTsST operatives who Dutch authorities accused of trying to hack into the OPCW wifi network, but were prevented from doing so by local intelligence.
Two Chinese nationals accused of contributing to ‘Operation Cloud Hopper’ - a series of cyberattacks aimed at stealing commercially sensitive data from multinational companies around the world - also made it onto the sanctions list.
Other names on the list include Chinese company Haitai Technology Development and a North Korean firm, Chosun Expo.
Haitai Technology Development is accused of providing “financial, technical or material support” for Operation Cloud Hopper for simply employing the two Chinese individuals included on the sanctions list. Chosun Expo, in turn, was similarly accused of facilitating the WannaCry ransomware attack, which crippled 200,000 computers in 150 countries in 2017.
That attack was attributed to the notorious Lazarus Group – an organization of hackers reportedly active at least since 2009. Although little is known about it, some experts earlier linked it to North Korea. Pyongyang repeatedly denied having anything to do with it.
Brussels has not provided any specific evidence that could prove the guilt of any of the mentioned parties.
According to EU foreign policy chief, Josep Borrell, the list of restrictions include travel bans and asset freezes. It is unclear, however, if there are in fact any accounts to freeze in the first place - or whether any of the targeted individuals planned to travel to the EU at all.
Yet, imposing the sanctions - the EU’s first related to cybercrime - seems to be a good PR stunt at the expense of perennial boogeymen Russia, China and North Korea. Indeed, the move drew quick praise from London.
The UK Foreign Office welcomed the sanctions drive and boasted that it was virtually one of the first to identify these “malicious actors” when the EU had not yet made its move. It added that the UK, which has now left the union, was “at the forefront of efforts to establish the EU Cyber Sanctions regime.”
The origins of that virus are still unclear. Yet, what is known for certain is that it targeted Russian companies just as it did foreign firms. This fact, however, never bothered any western officials blaming the NotPetya attack on Moscow.
Other supposed crimes allegedly committed by Russian intelligence include several attacks targeting Ukraine’s power grid in 2015 and 2016. While various cybersecurity experts confirmed the Ukrainian power grid was indeed targeted in cyberattacks, little is known about their origin. Some US experts, however, blamed them on the usual culprit - Russia - without providing any solid evidence.
The EU also linked the GTsST to the mysterious Sandworm hacking group. No conclusive evidence of the group’s existence has been presented to the public as of yet - though it has also been blamed for various attacks by Western media, including the very same NotPetya virus now used by the EU to impose sanctions on the GRU unit. Sandworm has also been accused of spying on NATO - and one journalist for the Wired tech website even wrote a book on its supposed activities.
The connection between the group and GRU was made by US spy agency NSA in a May press release. The NSA, which itself is infamous for its world-spanning secret surveillance activities, warned that the Sandworm hackers supposedly gained access to mail servers and took control of them. It did not provide any proof to substantiate its claims.
The EU also singled out four people it described as GTsST operatives who Dutch authorities accused of trying to hack into the OPCW wifi network, but were prevented from doing so by local intelligence.
Two Chinese nationals accused of contributing to ‘Operation Cloud Hopper’ - a series of cyberattacks aimed at stealing commercially sensitive data from multinational companies around the world - also made it onto the sanctions list.
Other names on the list include Chinese company Haitai Technology Development and a North Korean firm, Chosun Expo.
Haitai Technology Development is accused of providing “financial, technical or material support” for Operation Cloud Hopper for simply employing the two Chinese individuals included on the sanctions list. Chosun Expo, in turn, was similarly accused of facilitating the WannaCry ransomware attack, which crippled 200,000 computers in 150 countries in 2017.
That attack was attributed to the notorious Lazarus Group – an organization of hackers reportedly active at least since 2009. Although little is known about it, some experts earlier linked it to North Korea. Pyongyang repeatedly denied having anything to do with it.
Brussels has not provided any specific evidence that could prove the guilt of any of the mentioned parties.
According to EU foreign policy chief, Josep Borrell, the list of restrictions include travel bans and asset freezes. It is unclear, however, if there are in fact any accounts to freeze in the first place - or whether any of the targeted individuals planned to travel to the EU at all.
Yet, imposing the sanctions - the EU’s first related to cybercrime - seems to be a good PR stunt at the expense of perennial boogeymen Russia, China and North Korea. Indeed, the move drew quick praise from London.
The UK Foreign Office welcomed the sanctions drive and boasted that it was virtually one of the first to identify these “malicious actors” when the EU had not yet made its move. It added that the UK, which has now left the union, was “at the forefront of efforts to establish the EU Cyber Sanctions regime.”
