EU sanctions Russian GRU military hackers over cyberattacks
EU and UK sanction Russian GRU hackers and entities for cyberattacks.
Summary
The European Union and the United Kingdom have jointly imposed sanctions on numerous Russian individuals and entities, accusing Russia of orchestrating a network of hacking groups responsible for widespread cyberattacks across Europe. The sanctions target GRU officers, cybercriminals, and entities linked to malware operations and disinformation campaigns, with specific mention of the Turla hacking group and the Sandworm team's attempted attack on Poland's critical infrastructure.
Full text
EU sanctions Russian GRU military hackers over cyberattacks By Sergiu Gatlan July 13, 2026 07:19 AM 0 The European Union and the United Kingdom jointly sanctioned dozens of Russian individuals and entities and accused Russia of coordinating a network of hacking groups responsible for attacks across Europe. Today, the Council of the European Union announced sanctions on nine individuals and four entities, including Russian military intelligence (GRU) officers and cybercriminals, while the UK separately sanctioned 24 individuals and entities, including senior GRU figures Vyacheslav Stafeyev, Ivan Senin, and Ivan Kasyanenko, whom officials say directed cyber and hybrid operations. Britain also sanctioned members of the IMPULS company, accused of recruiting hackers from Russian universities, as well as individuals tied to the Lumma Stealer malware operation, which UK authorities linked to at least 2,100 domestic victims over six months. Ten people connected to media outlet Rybar LLC were also designated for spreading anti-Ukraine narratives and alleged election interference in Moldova and Armenia. The Council of the EU also publicly identified the 16th Centre of Russia's Federal Security Service (FSB) as controlling several cyber threat groups, including the notorious Turla hacking group. Officials said the unit has spent years targeting government networks and critical infrastructure in France, Germany, Poland, Cyprus, the Netherlands, Austria, Slovakia, Romania, and Finland, running cyberespionage campaigns against government and defense targets since 2010. Turla hackers were also linked to a recent failed strike targeting Poland's critical infrastructure, including energy grid organizations such as heat and power plants, which could have cut power to roughly 500,000 people during winter. "Cybercriminals, self-proclaimed hacktivists and private companies linked to Russia, including actors operating under its instructions, direction or control, have also carried out, enabled and facilitated a wide range of malicious activities. We strongly condemn Russia's behaviour and misuse of this cyber ecosystem, targeting public services and critical infrastructure, causing disruptions and financial losses," the Council of the EU said. "In response to malicious activities, the EU is also imposing restrictive measures on nine individuals and four entities. These EU sanctions include GRU intelligence officers, as well as cybercriminals, self-proclaimed hacktivists and private companies that contribute to Russia's efforts to destabilise the EU, its member states and international partners." As BleepingComputer previously reported, a cyberattack in late December that hit dozens of entities in Poland's power grid damaged key operational technology (OT) equipment beyond repair but failed to disrupt power. The incident was later attributed to the Russian state-backed hacking group Sandworm, which attempted to deploy the destructive DynoWiper data-wiping malware and disable compromised devices. More recently, Poland also blocked a cyberattack targeting the IT infrastructure of the National Centre for Nuclear Research (NCBJ), the country's main government nuclear research institute specializing in nuclear physics, reactor technology, and particle physics. Today's sanctions come on the heels of the European Commission's January proposal for new cybersecurity legislation designed to strengthen defenses against cybercrime and state-backed threat groups targeting European critical infrastructure. In March, the Council of the European Union also sanctioned three Chinese and Iranian companies for coordinating cyberattacks targeting EU member states' critical infrastructure. Test every layer before attackers do Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection. Get the whitepaper Related Articles: US and allies warn of Russian critical infrastructure attacksRussian hackers turn Kazuar backdoor into modular P2P botnetNew U-Boot flaws could enable stealthy firmware attacksThe Replicant in Your Directory: AI Agents and the Identity Security GapUkraine's army targeted in new charity-themed malware campaign
Indicators of Compromise
- malware — Lumma Stealer
- malware — DynoWiper