The Council of the European Union is imposing sanctions on four persons for involvement in the Russian attempted hacking of the Organization for the Prohibition of Chemical Weapons (OPCW) in The Hague in 2018.
Russians Aleksei Morenets, Evgenii Serebriakov, Oleg Sotnikov and Aleksey Minin are held responsible for the foiled attack on OPCW. Defense caught the spies of the Russian intelligence service red-handed on April 13, 2018, when they tried to penetrate the organization's Wi-Fi network.
It is the first time that Brussels has imposed sanctions for a digital attack. The Council of the European Union has had this competence since May 2019. People and organizations that carry out cyber attacks on EU targets from outside the European Union can be punished by the Council.
The inclusion on the sanction list means that all assets of the organization or person are frozen. In addition, EU Member States must ensure that the said persons do not enter their territory. The sanctions must help to prevent new cyber attacks against European targets.
See also: How the Russian hackers came into the picture at the MIVD
Sandworm hackers group also on the sanctions list
Unit 74455 of the Russian intelligence service GRU has also been placed on the sanctions list. The Council of the European Union holds the group, sometimes referred to as Sandworm, responsible for the NotPetya attack in June 2017.
The NotPetya virus took hundreds of computers hostage in Ukraine in 2017 and then spread to the rest of the world. In the Netherlands, among other things, a terminal of the port of Rotterdam was shut down.
The same unit is also held responsible for an attack on the Ukrainian power grid in the winter of 2015. The attack left thousands of Ukrainians in the cold.
See also: You should know about Petya, the 'cyber attack concealed as ransomware'
North Korean organization also punished
The Council also holds the North Korean organization Chosun Expo responsible for the dissemination of WannaCry. Just like NotPetya, this is ransomware: rogue software that takes computers hostage.
The attack with WannaCry took place in 2017. North Korea was already designated as a culprit by the United States in December of that year. A year later, the US sued a North Korean hacker for involvement in the attack.
This person is also being charged by the US with cyber attacks on Sony and a major bank robbery on the central bank of Bangladesh. The attack attempted to steal $ 1 billion, but managed to capture as little as a tenth of it.
According to the Council of the European Union, Chosun Expo provided "financial, technical or material support for and facilitated a range of cyber attacks" on multiple targets. In addition to WannaCry, the Council also mentions the theft on the Bangladesh Bank.
Chinese hackers who supposedly attacked Philips on list
Finally, the Chinese company Huaying Haitai and its two Chinese have been identified as suspects behind Operation Cloud Hopper. This hacking operation would have targeted Philips, among others.
Haitai would aim to provide "financial, technical and material support" for the Cloud Hopper operation. The organization is linked to APT10. In December 2018, the AIVD explicitly warned that this group of Chinese hackers is targeting Dutch companies.
Chinese men Gao Qiang and Zhang Shilong are said to have been employed by Haitai and placed on the sanctions list for involvement in the Cloud Hopper attacks.
Improvement: In an earlier version of this article, Unit 74455 of the Russian intelligence agency GRU was incorrectly referred to as Fancy Bear. This has been adapted to Sandworm.