EU Sanctions Cyber Attackers for First Time

EU Sanctions Cyber Attackers for First Time
European Union flags flutter outside the European Commission headquarters in Brussels, Belgium (Reuters/Yves Herman)
Lily Zhou
7/31/2020
Updated:
8/1/2020

The European Union on Thursday sanctioned six individuals and three entities from Russia, China, and North Korea. This is the first time the bloc has utilized its sanction powers against actors involved in cyber-attacks.

The sanctions include the freezing of assets and a travel ban, with EU “persons and entities forbidden from making funds available to those listed,” the European Council said in a statement.
Josep Borrell, the EU’s minister for foreign affairs and security policy, said in a statement that the measures are to “better prevent, discourage, deter, and respond” to “malicious behavior in cyberspace.”
High Representative of the EU for Foreign Affairs and Security Policy Josep Borrell holds a press conference in Brussels, Belgium, on May 26, 2020. (Pool/Getty Images)
High Representative of the EU for Foreign Affairs and Security Policy Josep Borrell holds a press conference in Brussels, Belgium, on May 26, 2020. (Pool/Getty Images)
The UK, which is still in the transition period of Brexit, praised the sanctions, which it said sent “a strong signal that malicious cyber activity against our European partners and allies has consequences” and “will impose meaningful costs for the reckless behavior of state and non-state actors.”

British Foreign Minister Dominic Raab pledged that the UK will continue the sanctions with its own autonomous “cyber sanctions” regime.

“Today’s actions will raise the cost on malicious cyber activity by state and non-state actors and will help counter future hostile activity in cyberspace. The UK was at the forefront of efforts to establish the EU Cyber Sanctions regime and we will continue to implement this regime after the end of the transition period,” Raab said in a statement.

Russians

Four Russian individuals were listed for taking part in “an attempted cyber-attack with a potentially significant effect against the Organization for the Prohibition of Chemical Weapons (OPCW),” according to the European Council.

Also from Russia is a military entity called The Main Center for Special Technologies (GTsST) of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GU/GRU).

GTsST is responsible for a cyber-attack campaign known as “NotPetya” or “EternalPetya” in June 2017,  and the cyber-attacks directed at a Ukrainian power grid in the winter of 2015 and 2016.

After the attack against the OPCW was uncovered, The Netherlands, where the organization’s headquarters is located, “took on a leadership role to accelerate the development of a cybersecurity regime within the EU,a statement from the Dutch government read.
Netherlands' Foreign Affairs Minister Stef Blok at the Europa building in Brussels on Jan. 10, 2020. (Kenzo Tribouillard/AFP via Getty Images)
Netherlands' Foreign Affairs Minister Stef Blok at the Europa building in Brussels on Jan. 10, 2020. (Kenzo Tribouillard/AFP via Getty Images)

Dutch foreign minister Stef Blok welcomed the news.

“These sanctions are a major step forward towards a safer digital domain. For too long, the bad guys have been getting away with it,” Blok said in a statement.
“The EU has a shared interest in working together against these attacks,” Blok said. ‘The time of simply issuing warnings in cyberspace is over.”

Chinese

Two Chinese individuals and a Chinese company are sanctioned for their involvement in “Operation Cloud Hopper,“ which ”has targeted information systems of multinational companies in six continents, including companies located in the [European] Union, and gained unauthorized access to commercially sensitive data, resulting in significant economic loss,” according to the European Council.
Zhang Shilong is alleged to have “developed and tested” the malware that the cyber-espionage group Advanced Persistent Threat 10 (APT10) used in its cyber-attacks. APT10, which carried out Operation Cloud Hopper, “acted on behalf of the Chinese Ministry of State Security,“ the UK government said in 2018.
Zhang is one of the two Chinese nationals indicted by the United States for APT10’s hacking of government agencies, including the Navy and NASA, and companies involved in technologies used in aviation, space, communications, the manufacturing of advanced electronic systems and laboratory analytical instruments, the maritime sector, and oil and gas drilling, production, and processing.
“The APT10 Group compromised more than 40 computers in order to steal sensitive data belonging to the Navy, including the names, Social Security numbers, dates of birth, salary information, personal phone numbers, and email addresses of more than 100,000 Navy personnel,” a statement from the U.S. Department of Justice revealed.
Photographs of Zhu Hua and Zhang Shilong, members of a hacking group in China, appear on a U.S. Federal Bureau of Investigation (FBI) poster provided by the FBI, on Dec. 21, 2018. (Federal Bureau of Investigation/Handout via Reuters)
Photographs of Zhu Hua and Zhang Shilong, members of a hacking group in China, appear on a U.S. Federal Bureau of Investigation (FBI) poster provided by the FBI, on Dec. 21, 2018. (Federal Bureau of Investigation/Handout via Reuters)

Gao Qiang, the other Chinese national on the EU sanctions list, is associated with “APT 10 command and control infrastructure,” according to the European Council.

Both individuals are or were employees of Tianjin Huaying Haitai Science and Technology Development Co. Ltd, the Chinese company also sanctioned by the EU for providing “financial, technical or material support for” and facilitating Operation Cloud Hopper.

North Korea

Chosun Expo from North Korea made the list because it “provided financial, technical, or material support for and facilitated a series of cyber-attacks with a significant effect,” including "the cyber-attacks publicly known as ’WannaCry’ and cyber-attacks against the Polish Financial Supervision Authority and Sony Pictures Entertainment, as well as cyber-theft from the Bangladesh Bank and attempted cyber-theft from the Vietnam Tien Phong Bank,” according to the European Council.

Chosun Expo is linked to Advanced Persistent Threat 38 (APT38), the group that carried out the WannaCry attack, “including through the accounts used for the cyber-attacks.”

The WannaCry ransomware attack “impacted 300,000 computers in 150 countries, including 48 NHS trusts,” the UK government said.