Cyber warfare

EU has imposed sanctions on foreign actors for the first time ever

For the first time ever, the EU has imposed economic sanctions on Russia, China, and North Korea following cyber-attacks aimed at the EU and its member states.

The Council of the European Union announced sanctions imposed on a Russia-linked military espionage unit, as well as companies operating for Chinese and North Korean threat actors that launched cyber-attacks against the EU and its member states.

This is the first time that the Council of the EU has used a framework established on May 17, 2019, which allows the EU to impose targeted restrictive measures to deter and respond to cyber-attacks aimed at the EU or its member states.

The sanctions include asset freezes and forbid EU organizations and individuals from transferring funds to sanctioned organizations and individuals.

“The Council today decided to impose restrictive measures against six individuals and three entities responsible for or involved in various cyber-attacks. These include the attempted cyber-attack against the OPCW (Organisation for the Prohibition of Chemical Weapons) and those publicly known as ‘WannaCry’, ‘NotPetya’, and ‘Operation Cloud Hopper’,” reads the press release issued by the EU.

“The sanctions imposed include a travel ban and an asset freeze. In addition, EU persons and entities are forbidden from making funds available to those listed.”

The EU imposed sanctions on the following six individuals:

  1. GAO Qiang (China)
  2. ZHANG Shilong (China)
  3. Alexey Valeryevich MININ (Russia)
  4. Aleksei Sergeyvich MORENETS (Russia)
  5. Evgenii Mikhaylovich SEREBRIAKOV (Russia)
  6. Oleg Mikhaylovich SOTNIKOV (Russia)

The first two individuals in the list are Chinese citizens accused of being members of the China-linked APT10 cyberespionage group. The group has been active since at least 2009. In April 2017, experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper, targeting managed service providers (MSPs) in multiple countries worldwide.

In July 2018, FireEye observed a series of new attacks by the group leveraging spear-phishing emails with weaponized Word documents that attempt to deliver the UPPERCUT backdoor, also tracked as ANEL.

The remaining individuals in the list are four Russian citizens, agents of the Russian military intelligence service GRU, who were involved in the attempted hack against the WiFi network of the OPCW in the Netherlands.

“The attempted cyber-attack was aimed at hacking into the Wi-Fi network of the OPCW, which, if successful, would have compromised the security of the network and the OPCW’s ongoing investigatory work,” states the Council of the European Union. “The Netherlands Defence Intelligence and Security Service (DISS) (Militaire Inlichtingen- en Veiligheidsdienst – MIVD) disrupted the attempted cyber-attack, thereby preventing serious damage to the OPCW.”

The EU also targeted the following front companies operating for the threat actors behind the attacks:

  1. Tianjin Huaying Haitai Science and Technology Development Co. Ltd (Huaying Haitai) (China)
  2. Chosun Expo (North Korea)
  3. Main Centre for Special Technologies (GTsST) of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GU/GRU) (Russia)

In September 2018, the US charged a North Korean agent, working for the North Korean military intelligence agency Reconnaissance General Bureau (RGB), over the Sony Pictures hack and WannaCry.

US intelligence highlighted that North Korean hackers were free to operate from China. Chosun Expo Joint Venture helped fund North Korean hacking groups by covering their activities with legitimate programming work from an office in Dalian, China.

Chosun Expo is considered a front company for the North Korea-linked APT38 group, which is a subgroup of the Lazarus Group.

The Council believes that the APT group was behind the massive ‘WannaCry’ campaign and cyber-attacks against the Polish Financial Supervision Authority and Sony Pictures Entertainment. The group is also accused of cyber-attacks against the Bangladesh Bank.

Huaying Haitai is another company hit by the EU sanctions; it was mentioned in an investigation disclosed in December 2018. At the time, the US Department of Justice charged two Chinese hackers with hacking numerous companies and government agencies in a dozen countries (see “US Indicts Two Chinese Government Hackers Over Global Hacking Campaign”).

The company is linked to the China-linked APT10 group and was sanctioned for its involvement in the ‘Operation Cloud Hopper’ cyber-espionage campaign.

“Targeted restrictive measures have a deterrent and dissuasive effect and should be distinguished from attribution of responsibility to a third state,” concludes the EU.

“The EU remains committed to a global, open, stable, peaceful and secure cyberspace and therefore reiterates the need to strengthen international cooperation in order to promote the rules-based order in this area.”

Pierluigi Paganini

(SecurityAffairs – hacking, EU sanctions)
