The European Council adopted additional restrictive measures against three Russian individuals responsible for a series of cyberattacks carried out against the Republic of Estonia in 2020. The individuals listed are officers of the General Staff of the Armed Forces of the Russian Federation (GRU) Unit 29155.
The cyber-attacks granted attackers unauthorized access to non-public information and sensitive data stored within several government ministries. These included the Ministries of Economic Affairs and Communications, and Social Affairs, leading to the theft of thousands of confidential documents. These documents included business secrets, health records, and other critical information compromising the security of the affected institutions. Although the Ministry of Foreign Affairs was also targeted, no sensitive or non-public data was accessed. Unit 29155 is also responsible for conducting cyber-attacks against other EU member states and partners, notably Ukraine.
The covert unit, known for its involvement in foreign assassinations and destabilisation activities such as bombings and cyber-attacks across Europe, and some of its military personnel active in Ukraine, Western Europe and Africa, was also sanctioned last year under the new sanction regime in view of Russia’s destabilising activities.
With latest listings, the EU horizontal cyber sanctions regime now applies to 17 individuals and 4 entities. It includes an asset freeze and a travel ban, and the prohibition for EU persons and entities to make funds available to those listed.
