EU Applies First Ever Sanctions in Response to Cyber-Attacks

Written by

The EU has applied its first ever sanctions in retaliation for cyber-attacks carried out by state-backed Chinese, Russian and North Korean hackers over recent years.

The bloc said it will impose a travel ban and asset freeze on six individuals and three entities in response to the Operation Cloud Hopper, WannaCry and NotPetya attacks, as well as an attempted breach of security at the Organization for the Prohibition of Chemical Weapons (OPCW).

WannaCry has been linked to Pyongyang, while NotPetya is thought to be the work of the Russian military (GRU) and Cloud Hopper was blamed on China’s Ministry of State Security (APT10).

“The measures follow the European Union and member states’ consistent signaling and determination to protect the integrity, security, social-wellbeing and prosperity of our free and democratic societies, as well as the rules-based order and the solid functioning of its international organizations,” said EU high representative, Josep Borrell.

“We will continue to strengthen our cooperation to advance international security and stability in cyber space, increase global resilience and to raise awareness on cyber-threats and malicious cyber-activities.”

While 2017’s NotPetya and WannaCry are fairly well known, Cloud Hopper is less so, although this multi-year APT campaign successfully breached countless managed service providers around the world

“The GRU was also behind an attempt to hack the OPCW’s Wi-Fi network by physically visiting their facilities in the Hague. That operation was disrupted but the unit had been involved in similar operations in Switzerland, Brazil and Malaysia which targeted the Olympics and other investigations involving Russia,” explained John Hultquist, senior director of analysis at Mandiant Threat Intelligence.

“The consistent use of physical human intelligence teams to supplement its intrusion efforts makes the GRU a particularly effective adversary. Sanctions may be particularly effective for disrupting this activity as they may hinder the free movement of this unit.”

What’s hot on Infosecurity Magazine?