The European Union (EU) has imposed its first-ever sanctions related to cybercrime on individuals and entities, including Russian military agents, North Korean firms and Chinese cyberspies allegedly involved in attacks worldwide.

Josep Borrel, EU foreign policy chief, released a statement saying the sanctions “are a travel ban and asset freeze to natural persons and an asset freeze to entities or bodies. It is also prohibited to directly or indirectly make funds available to listed individuals and entities or bodies.”

In a statement outlining its joint diplomatic response to “malicious cyber activities,” the EU stated it would be taking a hard-line attitude in preventing entry of targeted people and entities into the bloc, and that EU companies and individuals are forbidden from sending money to those blacklisted.

Four individuals who were identified as working for GRU, the Russian military intelligence service, were sanctioned over their alleged role in a cyberattack in 2018 against the Netherlands-based Organization for the Prohibition of Chemical Weapons (OPCW).

The GRU were also sanctioned over the 2017 NotPetya attacks in which they used a virus to infect the computer systems of Ukrainian companies and demanded cryptocurrency payments to unlock systems. These attacks were believed to have spread across Europe and the United States, causing billions of dollars in financial losses globally.

North Korean-linked company Chosun Expo was also sanctioned over its suspected role in supporting the Lazarus Group, which was accused of conducting multiple major cyberattacks worldwide.

One of the group’s most prolific attacks included an US$81 million heist on the Bangladesh Bank’s account at the Federal Reserve Bank of New York in 2016. It has also been linked to a major attack in 2014 against Hollywood film studio Sony Pictures over the impending release of a satirical film about North Korean leader Kim Jong Un.

The EU hit two Chinese nationals with sanctions over accusations of their involvement in “Operation Cloud Hopper” in which they infiltrated cloud service providers and stole commercially sensitive data from multinational companies across six continents, including Europe.

One of these individuals, Zhang Shilong, was indicted in the US in 2018 over his alleged role in this operation that targeted a wide variety of industries such as aviation, biotechnology and maritime technology, according to US authorities.

Chinese company Haitai Technology Development, listed as Zhang’s employer, was also hit with the EU sanctions over its role in the operation.

China responds

The Chinese mission to the EU responded to the sanctions on Thursday, saying that China is “firmly committed to safeguarding cybersecurity and opposed cyberattacks of any kind,” according to state-controlled media outlet CGTN.

It added that the mission urged the international community to “communicate based on mutual respect and mutual benefit to safeguard cyber security,” instead of imposing unilateral sanctions.

Have a tip or story? Get in touch with our reporters at tips@themilsource.com