EU and UK Sanction Russian Spies and Hackers Over Cyberattack Campaign

Written by

in

06/05/2022 Ilustración hackers rusos

POLITICA 
Europa Press/Contacto/La Nacion

The European Union and the United Kingdom imposed coordinated sanctions on Monday against officers of Russian intelligence services, hackers and private companies linked to the Kremlin, in response to what they described as a campaign of cyberespionage and digital sabotage targeting governments and critical infrastructure across Europe. This is the first time the two blocs have acted together on cybersecurity since the UK left the EU in 2020.

Brussels applied restrictive measures—mainly asset freezes and travel bans—against nine individuals and four entities. London went further, adding 24 names to its blacklist, including senior figures from Russian military intelligence, known by its Russian acronym GRU, who are accused of directing hybrid-threat operations. The British government described the package as the first joint cyber sanctions with the EU and framed it as a response to what it calls the Russian state’s increasingly reckless attempts to sow chaos and division in Europe.

The core of the EU measures targets the so‐called Center 16 of the Russian Federal Security Service (FSB), the country’s main domestic intelligence and counterintelligence agency and successor to the Soviet KGB. According to the EU, this unit controls several cyber threat groups, including Turla, active for more than two decades and linked to espionage against government and defense targets in France, Germany, Poland, Cyprus, the Netherlands, Austria, Slovakia, Romania and Finland since at least 2010. The EU’s chief on foreign policy, Kaja Kallas, said the FSB “has carried out a wide range of malicious cyber activities of growing severity.”

FOTO DE ARCHIVO. Banderas de la Unión Europea ondean frente a la sede de la Comisión Europea en Bruselas, Bélgica, el 19 de septiembre de 2019
REUTERS/Yves Herman/File Photo

The immediate trigger for the sanctions was the 29 December 2025 attack on Poland’s power grid. On that day, hackers linked to Center 16 deployed destructive malware—dubbed DynoWiper—against more than 30 wind and solar parks, a combined heat and power plant, and a manufacturing firm, aiming to destroy data in industrial control systems. The operation ultimately failed, but Poland’s Minister of Digital Affairs, Krzysztof Gawkowski, said in January that the country had come “very close” to a massive blackout during one of the coldest periods of the winter. The British Foreign Office estimated the attack could have left 500,000 people without electricity.

The Kremlin has consistently denied involvement in offensive cyber operations. President Vladimir Putin said last month that European accusations of sabotage are unfounded and intended to justify the West’s “aggressive plans” against Russia. Nevertheless, the rate of incidents attributed to Moscow has accelerated. In April, Sweden pointed to a pro‐Russian group with links to Russian security services as responsible for a cyberattack on a heating plant. Authorities in Poland, Norway, Denmark and Latvia have warned in recent months that Russia is targeting critical infrastructure across the continent.

This activity takes place within a broader hybrid war that has intensified alongside the armed conflict in Ukraine, now in its fifth year. Western intelligence services have documented how Moscow has outsourced parts of its digital operations to hacktivist groups, private firms and cybercriminal networks, complicating direct attribution and providing the state with plausible deniability. Monday’s sanctions aim to dismantle that cover: the British government stressed that Russia “cannot hide behind the use of these intermediary groups.” The coordination between London and Brussels, despite Brexit, indicates that the Russian cyberthreat is, paradoxically, acting as a practical force for renewed cooperation between the United Kingdom and its European neighbors.