The EU has imposed new sanctions on six individuals involved in cyberattacks targeting critical infrastructure and essential services. This marks the first time sanctions have been applied to cybercriminals using ransomware against sectors like health and banking.
The Council of the European Union has approved new restrictive measures against six individuals involved in cyberattacks affecting critical infrastructure, state functions, classified information, and emergency response teams in the EU. For the first time, these measures target cybercriminals using ransomware against essential services like health and banking.
The new sanctions list includes two members of the Russian intelligence-affiliated ‘Callisto group’, Ruslan Peretyatko and Andrey Korinets, known for phishing campaigns to steal sensitive data. Also sanctioned are Oleksandr Sklianko and Mykola Chernykh of the ‘Armageddon hacker group’, supported by Russia's FSB and responsible for impactful cyberattacks in the EU and Ukraine. Additionally, Mikhail Tsarev and Maksim Galochkin, involved in the ‘Conti’ and ‘Trickbot’ malware under ‘Wizard Spider’, are sanctioned for ransomware campaigns causing significant economic damage.
These measures include asset freezes and travel bans, with EU individuals and entities forbidden from providing funds to those listed. This action reflects the EU's commitment to stronger, sustained responses to malicious cyber activities, in coordination with international partners like the UK and US, to maintain secure cyberspace and promote international cooperation and rule-based order in this domain.
In 2017, the Cyber Diplomacy Toolbox was created by the EU to prevent, deter, discourage, and address malicious cyber operations. The framework underwent revisions in May of 2019. To create a more secure and enduring European Union (EU), cybersecurity conclusions were approved by the Council in May 2024. The Russian cyberspace initiatives are denounced by the EU, which include their involvement with Ukraine's attack that occurred in 2020. The plan is for enhanced cooperation with Ukraine so that international security can progress along with global endurance while promoting awareness about any cyber threats encountered during this period.
The EU released a press release stating the new Cyber Diplomacy Toolkit listing includes “two members of the ‘Callisto group’, Ruslan Peretyatko and Andrey Korinets. The ‘Callisto group’ is a group of Russian intelligence officers conducting cyber operations against EU member states and third countries through sustained phishing campaigns intended to steal sensitive data in critical state functions, including defense and external relations.” The press release also mentioned that the listing “targeted Oleksandr Sklianko and Mykola Chernykh of the ‘Armageddon hacker group’, a group supported by the Federal Security Service (FSB) of the Russian Federation that carried out various cyber-attacks with a significant impact on the governments of EU member states and Ukraine, including by using phishing emails and malware campaigns.” Furthermore, sanctions have been imposed on Mikhail Tsarev and Maksim Galochkin, prominent figures involved in the distribution of the harmful malware 'Conti' and 'Trickbot', and their involvement with the threat group 'Wizard Spider'.
“With these new listings, the EU and its member states reaffirm their willingness to step up efforts to provide a stronger and more sustained response to persistent malicious cyber activities targeting the EU, its member states and partners. This is in line with joint efforts with our international partners, such as the UK and the US, to disrupt and respond to cyber crime,” says the EU.
The Cyber Diplomacy Toolbox is a comprehensive set of measures developed by the European Union to respond to malicious cyber activities threatening the EU and its member states. It includes diplomatic, economic, and legal tools to enhance resilience against cyber threats and hold accountable those responsible. Key components include restrictive measures such as asset freezes and travel bans, diplomatic actions like formal protests and public statements, and cooperation with international partners for collective cyber defenses and assistance to victims of cyber-attacks. Legal actions prosecute responsible individuals or entities, while enhanced information sharing and coordination improve situational awareness and response capabilities. Additionally, the toolbox supports capacity-building initiatives to help nations develop the skills, technologies, and infrastructure necessary for robust cybersecurity. This toolbox is part of the EU's broader strategy to promote a free, open, stable, and secure cyberspace, aligned with the EU's overall foreign and security policy.
In other news: CISA and HHS launch cybersecurity healthcare toolkit
This action matters for several reasons:
With the rise of cyberattacks, these sanctions act as a proactive measure that will safeguard sensitive information targeted by cybercriminals. This will also reduce the amount spent on mitigating cyberattacks.
See also: HIPAA Compliant Email: The Definitive Guide
A cyberattack is a deliberate attempt by individuals or groups to breach the information systems of another individual, organization, or nation. These attacks aim to steal, alter, or destroy data, disrupt operations, or gain unauthorized access to computer systems and networks. Cyberattacks can take various forms, including phishing, malware, ransomware, denial-of-service (DoS) attacks, and other malicious activities, often causing significant financial, operational, and reputational damage to the targeted entities.
See also: Types of cyber threats
The toolbox is implemented through coordinated efforts with EU member states and international partners, including diplomatic measures, legal actions, and capacity-building initiatives. It aligns with the EU's broader foreign and security policy to promote a free, open, stable, and secure cyberspace.
The toolbox fosters international cooperation by aligning EU actions with those of global partners like the UK and the US, promoting joint efforts to combat cybercrime, and strengthening global cybersecurity standards and practices. This collaboration is essential for addressing the transnational nature of cyber threats.