EU sanctions China and Russia over cyber attacks

The European Union (EU) has applied restrictive measures to six individuals accused of cyber attacks against European targets, two Chinese citizens and four Russians, as well as three organisations, one each from China, North Korea and Russia.

The measures include a travel ban and asset freeze to the six named individuals, and an asset freeze to the three named organisations, which includes Russia’s intelligence services. Going forward, the EU will also ban directly or indirectly making funds available to the listed individuals or organisations.

In a declaration, high representative Josep Borrell said: “The European Union and its member states have repeatedly signalled their concern and denounced malicious behaviour in cyber space.

“Such behaviour is unacceptable as it undermines international security and stability and the benefits provided by the internet and the use of information and communication technologies [ICTs].

“We strongly promote a global, open, stable, peaceful and secure cyber space where human rights and fundamental freedoms and the rule of law fully apply, supporting the acceleration of social, political and economic development.

“The measures follow the European Union and member states consistent signalling and determination to protect the integrity, security, social wellbeing and prosperity of our free and democratic societies, as well as the rules-based order and the solid functioning of its international organisations.”

“We will continue to strengthen our cooperation to advance international security and stability in cyber space, increase global resilience and to raise awareness on cyber threats and malicious cyber activities,” said Borrell.

The named individuals are:

• Qiang Gao of China, accused of involvement in Operation Cloud Hopper, which targeted the IT systems of multinational businesses and gained access to commercially sensitive data. Gao is linked to the APT10 group, also known as Red Apollo or Stone Panda.
• Shilong Zhang of China, accused of involvement in the same operation, with links to the same groups.
• Alexey Minin of Russia, accused of taking part in a significant cyber attack against the Organisation for the Prohibition of Chemical Weapons (OPCW) in the Netherlands. Minin was a human intelligence support officer in the GRU, part of a team of four military individuals who tried to hack the OPCW in 2018 but were stopped by the Dutch Defence Intelligence and Security Service.
• Aleksei Morenets of Russia, a cyber operative in the same attack.
• Evgenii Serebriakov of Russia, a cyber operative in the same attack.
• Oleg Sotnikov of Russia, a human intelligence support operative and the final member of the team.

The three organisations are:

1. Tianjin Huaying Haitai Science and Technology Development Co. Ltd, which is accused of providing financial, technical and material support to Operation Cloud Hopper.
2. Chosun Expo, also known as Chosun Expo Korea Exoirt Joint Venture, a North Korea based operation, which provided financial, technical and material support to the APT38 or Lazarus group that was behind a series of cyber attacks, including the Sony Pictures hack and the WannaCry incident which disrupted the NHS.
3. Main Centre for Special Technologies (GTsST) of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GU/GRU), for its role in a number of significant cyber attacks including NotPetya via the group known as Sandworm, Voodoo Bear and other monikers.

“The European Union and member states will continue to strongly promote responsible behaviour in cyber space, and call upon every country to cooperate in favour of international peace and stability, to exercise due diligence and take appropriate action against actors conducting malicious cyber activities,” added Borrell.