EU freezes assets in major crackdown against notorious cyber gangs

The EU has issued sanctions against individuals and organisations associated with the world’s most notorious hacks for the first time, with the aim of restricting resources and deterring them from future attacks.

Individuals highlighted by a European Council legal document face asset freezes and travel bans as part of a package of measures that comprise a fightback against some of the most dangerous cyber threats facing European countries.

This is in addition to a ban on any other individuals or companies from conducting business with or providing funds to those mentioned in the report. So far six individuals and three organisations are listed.

Those included are said to be behind the devastating WannaCry, NotPetya and Operation Cloud Hopper campaigns.

“Sanctions are one of the options available in the EU’s cyber diplomacy toolbox to prevent, deter and respond to malicious cyber activities directed against the EU or its member states, and today is the first time the EU has used this tool,” the European Council said.

“In recent years, the EU has scaled up its resilience and its ability to prevent, discourage, deter and respond to cyber threats and malicious cyber activities in order to safeguard European security and interests.”

The sanctions aim to deter cyber criminals from carrying out malicious campaigns, and follows the establishment of a framework in June 2017, giving EU member states the power to use such measures against organisations and individuals.

Gao Qiang and Zhang Shilong, as well as the Huaying Haitai Science and Technology Development Co Ltd, have been identified as being behind Operation Cloud Hopper which targeted businesses in December 2018.

IBM and HPE were reportedly among those targeted by the cyber campaign which mainly arose through a malware known as Quasar RAT, with the aim being to steal corporate secrets for competitive advantage. Huaying Haitai is charged with providing financial, technical or material support for Operation Cloud Hopper.

The special technologies branch of the GRU, the Russian armed forces, is also included in the report and has been implicated in several cyber attacks, including the NotPetya campaign. Individuals listed in the legal document, who are also members of the GRU, include Alexey Minin, Aleksei Morenets, Evgenii Serebriakov and Oleg Sotnikov.

These attacks rendered data inaccessible for a number of companies by targeting machines with ransomware in June 2017. The infamous attacks against the Ukrainian power grid in 2015 and 2016 were also as a result of NotPetya.

The WannaCry attack, which inadvertently devastated the NHS, was facilitated in-part by Chosun Expo, which provided financial, technical or material support to the hackers, according to the European Council.

The cyber crime outfit known as the Lazarus Group, or APT38, has been associated with the North Korean-linked Chosun Group by European officials.