
The European Union and the United Kingdom jointly sanctioned dozens of Russian individuals and entities and accused Russia of coordinating a network of hacking groups responsible for attacks across Europe.
Today, the Council of the European Union announced sanctions on nine individuals and four entities, including Russian military intelligence (GRU) officers and cybercriminals, while the UK separately sanctioned 24 individuals and entities, including senior GRU figures Vyacheslav Stafeyev, Ivan Senin, and Ivan Kasyanenko, whom officials say directed cyber and hybrid operations.
The list of sanctioned individuals includes Vitaly Nikolayevich Kovalev (also known online as “Bentley,” “Alex Konor,” and “Stern”), the leader of the Trickbot and Conti cybercrime gangs, Alexander Volosovik (the owner of Media Land bulletproof hosting service), CARR (Cyber Army of Russia Reborn) hackers Denis Degtyarenko and Yuliya Pankratova, Lumma Stealer developers Maksim Voronin and Maksim Gordienko, as well as Evgeniy Bashev and Roman Puntus, two members of Unit 29155, a hacking unit within the Russian military intelligence agency (GRU).
The UK sanctioned members of IMPULS, a company accused of recruiting hackers from Russian universities, as well as individuals linked to the Lumma Stealer malware operation, which UK authorities linked to at least 2,100 domestic victims over six months. Ten people connected to media outlet Rybar LLC were also designated for spreading anti-Ukraine narratives and alleged election interference in Moldova and Armenia.
The Council of the EU also publicly identified the 16th Centre of Russia's Federal Security Service (FSB) as controlling several cyber threat groups, including the notorious Turla hacking group.
Officials said the unit has spent years targeting government networks and critical infrastructure in France, Germany, Poland, Cyprus, the Netherlands, Austria, Slovakia, Romania, and Finland, running cyberespionage campaigns against government and defense targets since 2010.
The FSB hackers (tracked as Static Tundra, Berserk Bear, Ghost Blizzard, and Dragonfly) were also linked to a failed strike targeting Poland's critical infrastructure.
As BleepingComputer previously reported, a cyberattack in late December that hit dozens of energy grid facilities in Poland's power grid and damaged key operational technology (OT) equipment using the destructive DynoWiper data-wiping malware could have cut power to roughly 500,000 people during winter, but failed to cause any disruptions.
The incident was later linked by cybersecurity companies ESET and Dragos to the Russian state-backed hacking group Sandworm, while CERT-PL linked it to the Berserk Bear FSB hacking group.
More recently, Poland also blocked a cyberattack targeting the IT infrastructure of the National Centre for Nuclear Research (NCBJ), the country's main government nuclear research institute specializing in nuclear physics, reactor technology, and particle physics.
"Cybercriminals, self-proclaimed hacktivists and private companies linked to Russia, including actors operating under its instructions, direction or control, have also carried out, enabled and facilitated a wide range of malicious activities. We strongly condemn Russia's behaviour and misuse of this cyber ecosystem, targeting public services and critical infrastructure, causing disruptions and financial losses," the Council of the EU said.
"In response to malicious activities, the EU is also imposing restrictive measures on nine individuals and four entities. These EU sanctions include GRU intelligence officers, as well as cybercriminals, self-proclaimed hacktivists and private companies that contribute to Russia's efforts to destabilise the EU, its member states and international partners."
Today's sanctions come on the heels of the European Commission's January proposal for new cybersecurity legislation designed to strengthen defenses against cybercrime and state-backed threat groups targeting European critical infrastructure.
In March, the Council of the European Union also sanctioned three Chinese and Iranian companies for coordinating cyberattacks targeting EU member states' critical infrastructure.
Update July 14, 03:25 EDT: Added attribution details on December cyberattack on Poland's energy grid.
Test every layer before attackers do
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
Get the whitepaper