Europe strikes out against Russia’s Turla over espionage, ‘destructive attacks’
EU and UK sanction Russian officials and entities for cyberespionage and destructive attacks.
Summary
The European Union, its member states, and the United Kingdom have imposed sanctions on Russian individuals and organizations, attributing years of cyberespionage and destructive attacks to Russia's Federal Security Service (FSB) and GRU. These actions target the Turla group and others, with specific mention of the FSB's role in the December cyberattacks on Poland's energy grid. The sanctions aim to disrupt Russian state-sponsored cybercriminal networks and send a message against undermining European security.
Full text
European governments sanctioned Russian individuals and organizations Monday over what they said was a years-long campaign of cyberespionage from Turla and other Russian government-led “destructive attacks” against the bloc. Monday’s confrontation of Moscow included action from the European Union, its individual member governments and the United Kingdom. It mostly took aim at Center 16 of Russia’s Federal Security Service (FSB) over its control of the cyber threat group known by a list of names including Turla, Secret Blizzard and Waterbug. “Cybercriminals, self-proclaimed hacktivists and private companies linked to Russia, including actors operating under its instructions, direction or control, have also carried out, enabled and facilitated a wide range of malicious activities,” European Union High Representative Kaja Kallas said in a statement. The EU called out Russia for the Turla campaign that dated back to 2010 in France with targeting of the government there, and has also featured activity against Germany, Poland, Cyprus, the Netherlands, Austria, Slovakia, Romania and Finland. It made special mention of blaming the FSB for last December’s attacks on Poland’s energy grid, which left half a million people without heat. In all, the European Union sanctioned nine Russian individuals and four entities. While the EU didn’t name them, Kallas’s statement said it also included officers of Russia’s Main Intelligence Directorate of the General Staff (GRU). The United Kingdom’s cyber sanctions, the first it’s done in coordination with the EU, featured a longer list of 24 individuals and entities. The U.K. named GRU senior leadership figures Vyacheslav Stafeyev, Ivan Senin and Ivan Kasyanenko for their alleged hybrid cyberattacks in conjunction with cybercriminals and recruitment of hackers across Russian universities. The U.K. also sanctioned individuals behind Lumma Stealer, the target of an international takedown last year. “These sanctions strike at the core of the cybercriminal networks propping up the Russian state’s aggression, and the UK and EU are sending a clear message that Russia cannot hide behind its use of these proxy groups,” Foreign Secretary, Yvette Cooper, said in a news release that mentioned “destructive attacks” by Russia. “From directing criminals to targeting businesses, and striking Poland’s energy grid in the depths of winter, the Russian state is sinking to new lows in its attempts to undermine European security.” At least two European governments, Germany and France, said they would be summoning Russia’s ambassadors in their nations over the attacks. Also Monday, the European Union announced sanctions against the company behind Russia’s messaging app, Max, citing its use of surveillance features to clamp down on dissent. And separately, 13 nations including the United States issued a warning on Monday about Russian government hackers targeting routers to carry out critical infrastructure attacks. Russia routinely denies allegations of responsibility for any malicious cyber activity. Share Facebook LinkedIn Twitter Copy Link
Indicators of Compromise
- malware — Turla
- malware — Secret Blizzard
- malware — Waterbug
- malware — Lumma Stealer