EU’s First Cyber-Warfare Sanctions Target Russia, China, North Korea

Matthew Broersma,
cyber attack, hacking, compromise, security

EU imposes asset freeze and travel ban on individuals and organisations from three countries over destructive cyber-attacks carried out in the past decade

The UK has said it welcomes cyber-crime sanctions imposed by the EU on individuals and organisations in Russia, China and North Korea.

The first use of the bloc’s Cyber Sanctions regime imposes an asset freeze and a travel ban for those named, and prohibits EU companies and individuals from sending funds to those on the list.

The UK said it would support the sanctions through the transition period as it exits the European Union, and then via the independent UK Cyber Sanctions programme.

“The UK is committed to working with our international partners to agree responsible behaviours and promote international security and stability in cyberspace,” the Foreign Office said in a statement.

networksCyber-warfare

The measures target four individuals from Russia and two from China, along with China’s Tianjin Huaying Haitai Science and Technology Development Company, North Korea’s Chosun Expo and Russia’s Main Centre for Special Technologies, a unit of Russia’s GRU intelligence agency.

EU officials said China’s Gao Qiang and Zhang Shilong were members of the hacking group APT10 that was responsible for Operation Cloud Hopper, which targeted managed internet service providers worldwide.

The four Russians were allegedly GRU agents who attempted to hack the Wi-Fi network of the Netherlands’ Organisation for the Prohibition of Chemical Weapons (OPCW), the EU said.

Chosun Expo, meanwhile, is believed to have links to the Lazarus Group and was penalised for facilitating the destructive “WannaCry” attacks that affected more than 300,000 systems in 150 countries in 2017.

Sanctions

“The EU remains committed to a global, open, stable, peaceful and secure cyberspace and therefore reiterates the need to strengthen international cooperation in order to promote the rules-based order in this area,” the European Council said in a statement.

British foreign secretary Dominic Raab said the measures were intended to head off further attacks.

“Today’s actions will raise the cost on malicious cyber activity by state and non-state actors and will help counter future hostile activity in cyberspace,” he said.

“The UK was at the forefront of efforts to establish the EU Cyber Sanctions regime and we will continue to implement this regime after the end of the Transition Period.”