EU imposes sanctions on Russian, North Korean, Chinese groups and individuals for major cyberattacks

The European Union (EU) on Thursday imposed sanctions on six hackers and three groups behind some of the most significant and wide-reaching international cyberattacks in history.

The EU froze the assets and imposed a travel ban on individuals involved in the “WannaCry,” “NotPetya,” and “Operation Cloud Hopper” attacks, along with those responsible for a cyberattack against the Dutch Organization for the Prohibition of Chemical Weapons (OPCW), an intergovernmental group based in The Hague. 

The 2017 WannaCry and NotPetya attacks were some of the most devastating ransomware attacks in history.

North Korean group Chosun Expo was sanctioned by the EU for involvement in the WannaCry attack, which encrypted or locked down over hundreds of thousands of computer systems across 150 countries, seriously impacting the United Kingdom’s general medical practices and targeting companies including Sony Pictures Entertainment and the Polish Financial Supervision Authority. 

The NotPetya ransomware attack targeted Ukrainian and other international companies, with the attack successfully switching off parts of the Ukrainian power grid in the middle of winter.

The CIA attributed the attack to the GRU, Russia’s military intelligence agency, with the GRU’s Main Center for Technologies one of the groups sanctioned by the EU on Thursday due to the attack. 

Chinese nationals Gao Qiang and Zhang Shilong, along with the Tianjin Huaying Haitai Science and Technology Development Co. in China, were sanctioned for carrying out Operation Cloud Hopper.

This effort involved cyberattacks on companies on six continents, including those in the EU, and was carried out by Advanced Persistent Threat (APT) group 10, a Chinese group that was indicted by the Department of Justice in 2018 for a “global computer intrusion campaign.”

Four Russian nationals associated with the GRU — Oleg Sotnikov, Evgenii Serebriakov, Aleksei Morenets, and Alexey Minin — were sanctioned for attempting to hack into the WiFi networks of the OPCW in 2018, which the Netherlands Defense Intelligence and Security Service was able to block. 

John Hultquist, the senior director of analysis at cybersecurity firm FireEye’s Mandiant Threat Intelligence program, told The Hill in a statement that sanctions against the hackers involved in the OPCW attack “may be particularly effective for disrupting this activity as they may hinder the free movement of this unit.”

EU High Representative Josep Borrell said in a statement Thursday that the EU regarded malicious cyberattacks as “unacceptable.”

“We strongly promote a global, open, stable, peaceful and secure cyberspace where human rights and fundamental freedoms and the rule of law fully apply, supporting the acceleration of social, political and economic development,” Borrell said. “We will continue to strengthen our cooperation to advance international security and stability in cyberspace, increase global resilience and to raise awareness on cyber threats and malicious cyber activities.”

The action marks the first time the EU has used its legal authorities to target hackers directing cyberattacks against EU member states and their citizens.

These authorities stem from a “cyber diplomacy toolbox” that went into effect last year, allowing EU member states to impose sanctions on individuals that pose national security threats due to malicious cyber activities.