The Council today decided to impose restrictive measures against six individuals and three entities responsible for or involved in various cyber-attacks. These include the attempted cyber-attack against the OPCW (Organisation for the Prohibition of Chemical Weapons) and those publicly known as ‘WannaCry’, ‘NotPetya’, and ‘Operation Cloud Hopper’.
The sanctions imposed include a travel ban and an asset freeze. In addition, EU persons and entities are forbidden from making funds available to those listed.
Sanctions are one of the options available in the EU’s cyber diplomacy toolbox to prevent, deter and respond to malicious cyber activities directed against the EU or its member states, and today is the first time the EU has used this tool. The legal framework for targeted restrictive measures against cyber-attacks was adopted in May 2019 and recently renewed.
“In order to better prevent, discourage, deter and respond to such malicious behaviour in cyberspace, the Council decided today to apply restrictive measures to six individuals and three entities or bodies involved in cyber-attacks with a significant effect, or attempted cyber-attacks with a potentially significant effect, which constitute an external threat to the European Union or its member states, or with a significant effect against third States or international organisations,” the High Representative Josep Borrell said in a statement.
Who is targeted by these sanctions?
The sanctions targeted individuals and entities from Russia, China and North Korea in a sign that it was tackling cyber warfare head on.
The EU targeted the individuals and entities over their involvement in the attempted attack against the Organization for the Prohibition of Chemical Weapons in 2018 as well as the 2017 Not Petya cyberattacks, a virus that first infected computers in Ukraine demanding $300 in cryptocurrency to unlock systems before spreading to Europe and the U.S.
Both events were attributed to Russian actors by government officials.
EU officials also hit groups with penalties over their involvement in the 2017 Wannacry ransomware assault that affected hundreds of thousands of computers in more than 150 countries, which U.S. officials have attributed to North Korea. In addition, sanctions were also imposed on those involved in hacking operations — tied to Chinese spies — that targeted the world’s biggest IT service providers.
What is next?
Russia’s Foreign Ministry said on Friday it would respond with reciprocal measures to European Union travel and financial sanctions against a department of Russia’s military intelligence service for alleged cyberattacks, Reuters reported.