The directive has been issued against six individuals and three entities responsible for or involved in various cyber-attacks, out of which some publicly known are 'WannaCry', 'NotPetya', and 'Operation Cloud Hopper,' as well as an attempted cyber-attack against the organization for the prohibition of chemical weapons.
Out of the six individuals sanctioned by the EU include two Chinese citizens and four Russian nationals. The companies involved in carrying out cyberattacks include an export firm based in North Korea, and technology companies from China and Russia.
The sanctions imposed include a ban on persons traveling to any EU countries and a freeze of assets on persons and entities.
Besides this, EU citizens and entities are also forbidden from doing any business or engaging in transactions with those on the sanction list.
According to the European Council, the detailed of these persons or entities are:
- Two Chinese Individuals—Gao Qiang and Zhang Shilong—and a technology firm, named Tianjin Huaying Haitai Science and Technology Development Co. Ltd, for the Operation Cloud Hopper.
The US government has also charged Shilong in 2018 for targeting over 45 companies and government agencies and stealing hundreds of gigabytes of sensitive data from its targets, but the suspect is still at large.
Operation Cloud Hopper was a series of cyber-attacks targeting information systems of multinational companies in six continents, including those located in the EU, and gaining unauthorized access to commercially sensitive data, resulting in economic loss.
- Four Russian nationals (also wanted by the FBI) — Alexey Valeryevich, Aleksei Sergeyvich, Evgenii Mikhaylovich, and Oleg Mikhaylovich—for attempting to target the Organisation for the Prohibition of Chemical Weapons (OPCW), in the Netherlands.
- A Russian technology firm (exposed by the NSA) — Main Centre for Special Technologies (GTsST) of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation—for the NotPetya ransomware attack in 2017 and the cyber-attacks directed at a Ukrainian power grid in the winter of 2015 and 2016.
- A North Korean export firm — Chosun Expo, for the WannaCry ransomware attack that made havoc by disrupting information systems worldwide in 2017 and linked to the well-known Lazarus group.
According to the European Union, the two Chinese nationals who carried out Operation Cloud Hopper are members of the APT10 threat actor group, also known as 'Red Apollo,' 'Stone Panda,' 'MenuPass' and 'Potassium.'
On the other hand, the four Russian nationals were agents of the Russian intelligence agency GRU who once aimed to hack into the Wi-Fi network of the OPCW, which, if successful, would have allowed them to compromise the OPCW's ongoing investigatory work.
"Sanctions are one of the options available in the EU's cyber diplomacy toolbox to prevent, deter and respond to malicious cyber activities directed against the EU or its member states, and today is the first time the EU has used this tool," the Council said.
Last year, the United States also sanctioned the Lazarus group, also known as Hidden Cobra and Guardians of Peace, which has also been associated with several high-profile cyberattacks, including Sony Pictures hack in 2014 and Bangladesh Bank heist in 2016.