EU tries to get serious on cybercrime with first sanctions against Wannacry, NotPetya, CloudHopper crews

The European Union has, for the first time ever, slapped sanctions on hacking crews.

The EU's Council of Ministers has cracked down on six individuals and three companies in China, North Korea, and Russia for breaking into computer networks, stealing information, and spreading malware.

"Sanctions are one of the options available in the EU’s cyber diplomacy toolbox to prevent, deter and respond to malicious cyber activities directed against the EU or its member states, and today is the first time the EU has used this tool," the EU said of the decision. "The legal framework for targeted restrictive measures against cyber-attacks was adopted in May 2019 and recently renewed."

The sanctions will take the form of asset freezes and travel bans, as well as blocks on any EU person or company doing business with any of those listed. Many of those sanctioned already face charges or restrictions in other countries, such as America.

One group on the receiving end of Europe's ire is the miscreants behind Operation Cloud Hopper. As the name suggests, this gang hacked cloud providers who were hosting systems for European companies, and in some cases made off with those customers' intellectual property and trade secrets, mainly in the defense and aerospace sectors. IBM and HPE were said to be among Cloud Hopper's victims.

The EU said two individuals involved in the operation, Gao Qiang and Zhang Shilong (also wanted by the FBI), will now face sanctions, as will the company that served as their base of operations, Huaying Haitai. All are based out of Tianjin, China.

Sanctions were next imposed on Russian miscreants behind the 2018 intrusion into the Wi-Fi network of a Dutch chemical-weapons watchdog, the Organisation for the Prohibition of Chemical Weapons (OPCW) in the Netherlands. Alexey Valeryevich Minin, Aleksei Sergeyvich Morenets, Evgenii Mikhaylovich Serebriakov, and Oleg Mikhaylovich Sotnikov are accused of renting a car and going war-driving by the OPCW to infiltrate the agency's wireless network and steal data.

At the time, OPCW was among the labs investigating the Kremlin-linked Novichok poisonings in England, and chemical weapons attacks in Syria.

Meanwhile, a Moscow-based team tied to GRU, the Russian military intelligence service, was sanctioned for its role in a pair of high-profile malware outbreaks: the GRU's Main Center for Special Technologies (GTsST) was said by the council to have been the source of the infamous NotPetya malware. The 2017 outbreak of the ransomware crippled the machines of a number of large corporations and topped a billion dollars worth of damage in what was called at the time the most expensive malware pandemic in history.

GTsST was also blamed for attacks on Ukranian power companies over the winter months spanning 2015 and 2016.

Finally, there's the Chosun Expo business, a North Korean financial operation that is said to have bankrolled the development and outbreak of the WannaCry ransomware.

"WannaCry disrupted information systems around the world by targeting information systems with ransomware and blocking access to data," the council said. "It affected information systems of companies in the Union, including information systems relating to services necessary for the maintenance of essential services and economic activities within Member States."

Chosun Expo is also believed to be backing Lazarus Group, a long-running North Korean hacking crew that boasts an impressive arsenal of hacking tools and largely targets financial institutions with its attacks. ®