On June 24, the EU Council approved additional restrictions against six individuals involved in cyberattacks in EU member states and Ukraine. The EU Council has released an official statement regarding this matter.
The cyberattacks targeted information systems in EU member states related to critical infrastructure, important government functions, classified information storage or processing, and government emergency response teams.
Cybercriminals using ransomware campaigns against essential services like healthcare and banking are facing new restrictions.
The sanctions list included Ruslan Peretyatko and Andrey Korinets, two members of the Callisto group.
The Callisto group is a group of Russian military intelligence officers who conduct cyber operations against EU member states and third countries through sustained phishing campaigns aimed at stealing sensitive data related to critical government functions, including defense and foreign affairs.
The Russian Federal Security Service (FSB), which supports the Armageddon hacker group, also faced the sanctions.
The group carried out various cyberattacks with a significant impact on the governments of EU member states and Ukraine, including through phishing emails and malware campaigns.
In addition, the sanctions targeted Mikhail Tsarev and Maxim Galochkin, key players in the deployment of the Conti and Trickbot malware, as well as those involved in Wizard Spider.
The Wizard Spider group created and developed Trickbot, a malicious spyware program that has conducted ransomware campaigns in various sectors, including essential services like healthcare and banking, resulting in significant economic losses in the European Union.
EU cyber sanctions currently apply to 14 individuals and four legal entities. They include asset freezes and travel bans. Furthermore, the list prohibits EU individuals and legal entities from providing funds to the individuals on it.
Prosecutors at the International Criminal Court are reportedly looking into Russia’s cyberattacks on Ukrainian civilian infrastructure following the full-scale invasion on June 14 as potential war crimes.
In addition, Denmark has recently decided to raise the threat level of destructive cyberattacks on businesses, organizations, and authorities from low to medium due to Russia’s “intensified hybrid warfare.”
Latest Russian cyber attacks
Russia is increasing malign disinformation campaigns against France, French President Emmanuel Macron, the International Olympic Committee, and the Olympic Games in Paris, Microsoft wrote in early June.
These Russian disinformation operations have two principal goals: 1) denigrate the reputation of the IOC; and 2) create the expectation of violence breaking out in Paris at the Olympics, Microsoft reported. The hackers also released fake videos about expectations of violence during the games, according to a new report by the Microsoft Threat Intelligence Center.
In another report, Microsoft warned US politicians that Russia’s Foreign Intelligence Service (SVR) “continues to be one of the best supplied and most sophisticated cyber agencies worldwide.”
Microsoft reported that it has seen the SVR become “more aggressive.” The company explained that now, when experts detect Russia’s activities in the Internet environment, it does not withdraw but rather doubles its attacks.
Recent insights from Mandiant, a subsidiary of Google specializing in cyber threat analysis, reveal that a Russian group of hackers called APT44 (also dubbed Sandworm) has played a pivotal role in orchestrating disruptive and destructive cyber operations against Ukraine over the past decade, executing the Kremlin’s covert agenda.
The cyber group Sandworm has been known to target essential infrastructure such as power plants, leading to the decommissioning of computer systems without any demands for ransom, a tactic not commonly seen among cyber attackers, who typically pursue financial gains.
In early June, a severe ransomware attack attributed to a Russian cybercrime group struck major hospitals in London, causing significant disruptions and highlighting vulnerabilities in healthcare cybersecurity, the Independent reported.
The International Criminal Court’s prosecutors are investigating Russia’s cyberattacks on Ukrainian civilian infrastructure as possible war crimes during the full-scale invasion, according to Reuters. Prosecutors at the International Criminal Court are investigating the cyberspace attacks for the first time, and this could theoretically result in the issuance of arrest warrants for the accused.
The investigation looks into Russia’s cyberattacks on infrastructure that endangered people’s lives, including disrupting electricity and water supplies, communications with emergency services, and air traffic warning services. Reuters’ sources said that the ICC is investigating at least four major attacks on Ukraine’s energy infrastructure, including a cyberattack on the Kyivstar mobile network operator in late 2023.