First-ever EU cyber sanctions hit Russian, Chinese, North Koreans

BRUSSELS (AP) – The European Union (EU) imposed its first-ever sanctions over cyberattacks, slapping them on alleged Russian military agents, Chinese cyber spies and organisations including a North Korean firm.

The six people and three groups hit with sanctions include Russia’s GRU military intelligence agency. EU headquarters blamed them in a statement for the 2017 WannaCry ransomware and NotPetya malware attacks and the Cloud Hopper cyberespionage campaign.

EU foreign policy chief Josep Borrell said the sanctions “are a travel ban and asset freeze to natural persons and an asset freeze to entities or bodies. It is also prohibited to directly or indirectly make funds available to listed individuals and entities or bodies.”

Four Russians identified as GRU members were accused of trying to hack the Wi-Fi network of the Netherlands-based Organisation for the Prohibition of Chemical Weapons, or OPCW, which has probed the use of chemical weapons in Syria.

The 2018 attack was foiled by Dutch authorities. The GRU was also sanctioned for NotPetya, which targetted companies that do business with Ukraine and caused billions of dollars in damage globally, and cyberattacks on Ukraine’s power grid in 2015 and 2016.

The two sanctioned Chinese nationals were accused of involvement in “Operation Cloud Hopper,” which the EU said hit companies on six continents, including Europe, through cloud services providers and “gained unauthorised access to commercially sensitive data, resulting in significant economic loss.”

An IT researcher shows on a giant screen a computer infected by a ransomware in Rennes. PHOTO: AFP