Behind EU-UK Sanctions Against Russia Over Cyber Attacks

Share this article
Share this article
Prioritise Us on Google
John Hultquist, Chief Analyst at Google Threat Intelligence Group | Credit: Google Cloud Security
The first joint UK-EU cyber sanctions package targets 24 individuals and entities accused of supporting the Russian state's cyber operations

Russian state and cybercriminal proxies have been hit with a fresh wave of EU and UK sanctions.

The cyber sanctions fall on 24 individuals and entities accused of supporting the Russian state's cyber operations, election interference campaigns and anti-Ukraine disinformation efforts. 

Marking the first joint UK-EU cyber sanctions package, the UK Government’s press release also includes the formal attribution of the cyber attack against Poland's energy grid to Russia's Federal Security Service (FSB) Centre 16. 

Although the “reckless attack” failed, the UK Government said that it had the potential to leave up to 500,000 people without electricity during winter. 

“It is another example of the Russian state’s irresponsible attempts to sow chaos across Europe,” the government said. 

Yvette Cooper, UK Foreign Secretary | Credit: UK Parliament

Foreign Secretary, Yvette Cooper says that: “These sanctions strike at the core of the cybercriminal networks propping up the Russian state’s aggression and the UK and EU are sending a clear message that Russia cannot hide behind its use of these proxy groups.

“From directing criminals to targeting businesses and striking Poland’s energy grid in the depths of winter, the Russian state is sinking to new lows in its attempts to undermine European security.

“Together with our partners, Britain will continue to call out this behaviour, bolster our resilience and respond to the hybrid threat posed by the Russian state. This will not deter us from supporting Ukraine.”

Russian intelligence hires hackers for war 

On the list of sanctioned names are senior figures from Russia's military intelligence agency, the GRU, including Vyacheslav Stafeyev, Ivan Senin and Ivan Kasyanenko. 

The UK Government says that these individuals directed cyber and hybrid threat operations through GRU Unit 29155, which worked with cybercriminal groups, including the company IMPULS to recruit hackers and cyber specialists from Russian universities and military academies.

FSB’s Center 16 is home to some of the most disciplined, sophisticated actors in the cyber espionage landscape.
John HultquistChief Analyst at Google Threat Intelligence Group

As the country is at war with Ukraine, the Government said Russian intelligence agencies have increasingly relied on cyber criminal networks to gather intelligence and support military and foreign policy objectives.

Lumma Stealer and global cyber espionage

Powerful malware that extracts browser-saved credentials, cookies and autofill data, Lumma Stealer has been wreaking havoc, operating under a malware-as-a-service (MaaS) model.

The sanctions package targets the individuals behind Lumma Stealer, which has been used by cybercriminals to harvest credentials and sensitive data from compromised devices.

The UK Government revealed that Russia has used these stolen credentials to conduct cyber espionage operations against targets around the world in support of Kremlin objectives.

The UK's National Crime Agency notes that at least 2,100 victims in the UK have been affected by Lumma Stealer during the past six months. 

The Russian disinformation network

The 24 people and entities that are now under sanctions include 10 individuals connected to Rybar LLC – a Russian state-backed media organisation accused of spreading false narratives about Ukraine and interfering in elections across Europe, including in Moldova and Armenia.

Those sanctioned include directors, senior management and content designers at Rybar. 

Key facts
  • UK_EU sanctions fall on 24 individuals and entities accused of supporting the Russian state's cyber operations
  • Among the sanctioned included 10 individuals connected to Rybar LLC – a Russian state-backed media organisation accused of spreading false narratives about Ukraine and interfering in elections across Europe
  • The latest measures bring the total number of UK sanctions imposed in response to Russia's invasion of Ukraine to more than 3,400

The Government said the sanctions are designed to counter both cyber attacks and influence operations that seek to undermine democratic institutions.

Perspectives and background from GTIG Analyst

“FSB’s Center 16 is home to some of the most disciplined, sophisticated actors in the cyber espionage landscape,” notes John Hultquist, Chief Analyst at Google Threat Intelligence Group.

“Their operations stretch back for decades and are characterized by brief exposures and lengthy disappearances. 

“During these quiet phases they retool and carefully reengage targets under the radar. These actors carry out espionage throughout Europe, as well as long term reconnaissance of critical infrastructure for sabotage.”

Speaking about Russia’s collaboration with its own cybercrime ecosystem, John notes that: “The blurred line between state and criminal actors allows Russia to hide its hand while carrying out the most aggressive cyber activity in recent history.”

Youtube Placeholder

John calls out the GRU “the most aggressive actor among Russia’s cyber capabilities” saying that “some of their most infamous sabotage units have active, dangerous cyber capabilities”. 

“Among other operations, the GRU has been involved in a campaign to target IP cameras throughout Europe to primarily track logistics bound for Ukraine,” which John says poses a physical risk to entities in Europe.

“As a global community, we need to look more closely at disruptive criminal activity, which is being used to obscure intelligence operations precisely because it works.”

The latest measures bring the total number of UK sanctions imposed in response to Russia's invasion of Ukraine to more than 3,400. 

Executives