European Centre for Counterterrorism and Intelligence Studies, Germany & Netherlands – ECCI
Cyber-attacks: six persons added to EU sanctions list for malicious cyber activities against EU member states and Ukraine
consilium.europa.eu – The Council today approved additional restrictive measures against six persons involved in cyber-attacks affecting information systems relating to critical infrastructure, critical state functions, the storage or processing of classified information and government emergency response teams in EU member states. For the first time, restrictive measures are being taken against cybercriminal actors that use ransomware campaigns against essential services, such as health and banking.
The new listings include two members of the ‘Callisto group’, Ruslan Peretyatko and Andrey Korinets. The ‘Callisto group’ is a group of Russian military intelligence officers conducting cyber operations against EU member states and third countries through sustained phishing campaigns intended to steal sensitive data in critical state functions, including defence and external relations.
The EU also targeted Oleksandr Sklianko and Mykola Chernykh of the ‘Armageddon hacker group’, a group supported by the Federal Security Service (FSB) of the Russian Federation that carried out various cyber-attacks with a significant impact on the governments of EU member states and Ukraine, including by using phishing emails and malware campaigns.
In addition, Mikhail Tsarev and Maksim Galochkin, key players in the deployment of the malwares ‘Conti’ and ‘Trickbot’ and involved in ‘Wizard Spider’, are also sanctioned. Trickbot is a malicious spyware program, created and developed by the threat group ‘Wizard Spider’, which has conducted ransomware campaigns in a variety of sectors, including essential services such as health and banking, and is therefore responsible for significant economic damage in the European Union.
The EU horizontal cyber sanctions regime currently applies to 14 individuals and four entities, and includes an asset freeze and a travel ban. Additionally, EU persons and entities are forbidden from making funds available to those listed.
With these new listings, the EU and its member states reaffirm their willingness to step up efforts to provide a stronger and more sustained response to persistent malicious cyber activities targeting the EU, its member states and partners. This is in line with joint efforts with our international partners, such as the UK and the US, to disrupt and respond to cyber crime. The EU remains committed to a global, open, and secure cyberspace and, reiterate the need to strengthen international cooperation to promote the rules-based order in this area.
The Council today approved additional restrictive measures against six persons involved in cyber-attacks affecting information systems relating to critical infrastructure, critical state functions, the storage or processing of classified information and government emergency response teams in EU member states. For the first time, restrictive measures are being taken against cybercriminal actors that use ransomware campaigns against essential services, such as health and banking.
The new listings include two members of the ‘Callisto group’, Ruslan Peretyatko and Andrey Korinets. The ‘Callisto group’ is a group of Russian military intelligence officers conducting cyber operations against EU member states and third countries through sustained phishing campaigns intended to steal sensitive data in critical state functions, including defence and external relations.
The EU also targeted Oleksandr Sklianko and Mykola Chernykh of the ‘Armageddon hacker group’, a group supported by the Federal Security Service (FSB) of the Russian Federation that carried out various cyber-attacks with a significant impact on the governments of EU member states and Ukraine, including by using phishing emails and malware campaigns.
In addition, Mikhail Tsarev and Maksim Galochkin, key players in the deployment of the malwares ‘Conti’ and ‘Trickbot’ and involved in ‘Wizard Spider’, are also sanctioned. Trickbot is a malicious spyware program, created and developed by the threat group ‘Wizard Spider’, which has conducted ransomware campaigns in a variety of sectors, including essential services such as health and banking, and is therefore responsible for significant economic damage in the European Union.
The EU horizontal cyber sanctions regime currently applies to 14 individuals and four entities, and includes an asset freeze and a travel ban. Additionally, EU persons and entities are forbidden from making funds available to those listed.
With these new listings, the EU and its member states reaffirm their willingness to step up efforts to provide a stronger and more sustained response to persistent malicious cyber activities targeting the EU, its member states and partners. This is in line with joint efforts with our international partners, such as the UK and the US, to disrupt and respond to cyber crime. The EU remains committed to a global, open, and secure cyberspace and, reiterate the need to strengthen international cooperation to promote the rules-based order in this area.
European Centre for Counterterrorism and Intelligence Studies, Germany & Netherlands – ECCI
