EU imposes sanctions on perpetrators of cyber attacks against Ukraine

The EU has imposed new sanctions on six individuals involved in cyberattacks targeting critical infrastructure and essential services. This marks the first time sanctions have been applied to cybercriminals using ransomware against sectors like health and banking.

What happened?

The Council of the European Union has approved new restrictive measures against six individuals involved in cyberattacks affecting critical infrastructure, state functions, classified information, and emergency response teams in the EU. For the first time, these measures target cybercriminals using ransomware against essential services like health and banking.

The new sanctions list includes two members of the Russian intelligence-affiliated ‘Callisto group’, Ruslan Peretyatko and Andrey Korinets, known for phishing campaigns to steal sensitive data. Also sanctioned are Oleksandr Sklianko and Mykola Chernykh of the ‘Armageddon hacker group’, supported by Russia's FSB and responsible for impactful cyberattacks in the EU and Ukraine. Additionally, Mikhail Tsarev and Maksim Galochkin, involved in the ‘Conti’ and ‘Trickbot’ malware under ‘Wizard Spider’, are sanctioned for ransomware campaigns causing significant economic damage.

These measures include asset freezes and travel bans, with EU individuals and entities forbidden from providing funds to those listed. This action reflects the EU's commitment to stronger, sustained responses to malicious cyber activities, in coordination with international partners like the UK and US, to maintain secure cyberspace and promote international cooperation and rule-based order in this domain.

The backstory 

In 2017, the Cyber Diplomacy Toolbox was created by the EU to prevent, deter, discourage, and address malicious cyber operations. The framework underwent revisions in May of 2019. To create a more secure and enduring European Union (EU), cybersecurity conclusions were approved by the Council in May 2024. The Russian cyberspace initiatives are denounced by the EU, which include their involvement with Ukraine's attack that occurred in 2020. The plan is for enhanced cooperation with Ukraine so that international security can progress along with global endurance while promoting awareness about any cyber threats encountered during this period.

What was said?

The EU released a press release stating the new Cyber Diplomacy Toolkit listing includes “two members of the ‘Callisto group’, Ruslan Peretyatko and Andrey Korinets. The ‘Callisto group’ is a group of Russian intelligence officers conducting cyber operations against EU member states and third countries through sustained phishing campaigns intended to steal sensitive data in critical state functions, including defense and external relations.” The press release also mentioned that the listing “targeted Oleksandr Sklianko and Mykola Chernykh of the ‘Armageddon hacker group’, a group supported by the Federal Security Service (FSB) of the Russian Federation that carried out various cyber-attacks with a significant impact on the governments of EU member states and Ukraine, including by using phishing emails and malware campaigns.” Furthermore, sanctions have been imposed on Mikhail Tsarev and Maksim Galochkin, prominent figures involved in the distribution of the harmful malware 'Conti' and 'Trickbot', and their involvement with the threat group 'Wizard Spider'.

“With these new listings, the EU and its member states reaffirm their willingness to step up efforts to provide a stronger and more sustained response to persistent malicious cyber activities targeting the EU, its member states and partners. This is in line with joint efforts with our international partners, such as the UK and the US, to disrupt and respond to cyber crime,” says the EU.

In the know 

The Cyber Diplomacy Toolbox is a comprehensive set of measures developed by the European Union to respond to malicious cyber activities threatening the EU and its member states. It includes diplomatic, economic, and legal tools to enhance resilience against cyber threats and hold accountable those responsible. Key components include restrictive measures such as asset freezes and travel bans, diplomatic actions like formal protests and public statements, and cooperation with international partners for collective cyber defenses and assistance to victims of cyber-attacks. Legal actions prosecute responsible individuals or entities, while enhanced information sharing and coordination improve situational awareness and response capabilities. Additionally, the toolbox supports capacity-building initiatives to help nations develop the skills, technologies, and infrastructure necessary for robust cybersecurity. This toolbox is part of the EU's broader strategy to promote a free, open, stable, and secure cyberspace, aligned with the EU's overall foreign and security policy.

In other news: CISA and HHS launch cybersecurity healthcare toolkit

Why it matters

This action matters for several reasons:

• Protecting critical infrastructure: By imposing sanctions on individuals involved in cyber-attacks, the EU aims to safeguard critical infrastructure and essential services, such as health and banking, from disruptions that could have severe economic and societal impacts.
• Deterrence: Sanctioning cybercriminals sends a strong message that malicious cyber activities will not be tolerated. It serves as a deterrent to other potential attackers by demonstrating that the EU is capable and willing to take significant action against cyber threats.
• International security and stability: Cyberattacks can destabilize countries and create international tensions. By taking coordinated action with international partners like the UK and US, the EU contributes to global efforts to maintain a stable and secure cyberspace, which is essential for international security.
• Economic impact: Cyberattacks can cause significant economic damage. By targeting those responsible for ransomware and other malicious activities, the EU aims to reduce the financial losses suffered by businesses and governments.
• Legal and normative frameworks: This action supports the establishment and reinforcement of international norms and legal frameworks governing state behavior in cyberspace. It underscores the EU's commitment to a rules-based order in this domain.
• Message of commitment: The EU’s move reaffirms its commitment to protecting its member states and partners from cyber threats. It shows a willingness to take proactive steps to enhance cybersecurity and support international cooperation in combating cybercrime.

With the rise of cyberattacks, these sanctions act as a proactive measure that will safeguard sensitive information targeted by cybercriminals. This will also reduce the amount spent on mitigating cyberattacks.

See also: HIPAA Compliant Email: The Definitive Guide

FAQs

What is a cyberattack?

A cyberattack is a deliberate attempt by individuals or groups to breach the information systems of another individual, organization, or nation. These attacks aim to steal, alter, or destroy data, disrupt operations, or gain unauthorized access to computer systems and networks. Cyberattacks can take various forms, including phishing, malware, ransomware, denial-of-service (DoS) attacks, and other malicious activities, often causing significant financial, operational, and reputational damage to the targeted entities.

See also: Types of cyber threats

How does the EU implement the Cyber Diplomacy Toolbox?

The toolbox is implemented through coordinated efforts with EU member states and international partners, including diplomatic measures, legal actions, and capacity-building initiatives. It aligns with the EU's broader foreign and security policy to promote a free, open, stable, and secure cyberspace.

How does the Cyber Diplomacy Toolbox enhance international cooperation?

The toolbox fosters international cooperation by aligning EU actions with those of global partners like the UK and the US, promoting joint efforts to combat cybercrime, and strengthening global cybersecurity standards and practices. This collaboration is essential for addressing the transnational nature of cyber threats.