The EU Council has sanctioned entities and individuals from China, Russia, and North Korea due to their involvement in cyber-attacks.
This is the first time that the EU Council uses the authority granted to it under EU regulation 2019/796, adopted in May 2019, to impose targeted restrictive measures against significant cyber-attacks constituting an external threat to the European Union, its Member States, or other countries and organizations.
Among those sanctioned by the Council is the Russian information security agency (the GTsST), who was accused to be responsible for cyber-attacks publicly known as “NotPetya” or “EternalPetya” in June 2017, for ransomware that rendered data inaccessible at companies around the world, and for the cyber-attacks directed at a Ukrainian power grid in 2015 and 2016. In addition, four of the GTsST’s agents were sanctioned for their involvement in an attempted cyber-attack against the Organization for the Prohibition of Chemical Weapons (OPCW) in the Netherlands.
The Council also imposed sanctions on the North Korean company Chosun Expo, found to have provided financial, technical, or material support for a series of cyber-attacks. These include cyber-attacks publicly known as “WannaCry” and cyber-attacks against the Polish Financial Supervision Authority, Sony Pictures Entertainment, a Bangladesh Bank, and a Vietnamese Bank. It also sanctioned the Chinese company Haitai Technology Development and two of its executives, who were found to have provided financial, technical, or material support for and facilitated “Operation Cloud Hopper”, a cyber-attack that targeted information systems of multinational companies in six continents, including companies located in the EU, and gained unauthorized access to commercially sensitive data, resulting in significant economic loss.
The sanctions imposed by the Council include the freezing of assets in the EU, as well as a travel ban for those individuals in the EU.
CLICK HERE to read the EU Council’s decision.