Russia/China/North Korea: On Thursday, the European Union (EU) announced new sanctions, which does not seem unusual. What makes these sanctions unique is that they specifically target organizations and individuals involved in cyber-attacks against the EU and its members. Specifically named in the sanctions were Russia’s foreign military intelligence service (GRU) Unit 74455, Chosun Expo, which is a front company for North Korea’s APT38, and Huaying Haitai, a company with ties to the Chinese threat actor APT10, as well as four specific members of Russia’s GRU and two employees of Huaying Haitai. The sanctions against those named include asset freezes and travel bans, as well as measures which forbid EU organizations and citizens from working with, or supporting those individuals and organizations. These sanctions come in response to multiple cyber-attacks including the attempted cyber-attack against the Organizations for the Prohibition of Chemical Weapons (OPCW), the WannaCry campaign, NotPetya, and Operation Cloud Hopper.
While this is the first time that the EU has utilized sanctions in retaliation to cyber-attacks, the means for doing so was put in place over a year ago. In May of 2019, the EU added framework to support its Common Foreign and Security Policy which would allow for sanctions against individuals or entities which were believed to be behind cyber-attacks against the EU and its members. The response to these sanctions will be interesting to see unfold in the coming weeks and months. Both China and Russia have a history of responding to sanctions by vehemently denouncing the entities who leverage sanctions against them, and in some cases leverage their own sanctions in retaliation. North Korea, on the other hand, will quickly look to bypass the sanctions by any means necessary, especially when those sanctions have a financial impact. Following China’s support of UN sanctions which required the expulsion of North Korean businesses and businessmen from China, North Korea increased financially based cyber-attacks to supplement the financial loss from those businesses. While these sanctions will likely lead to a change in how each of these organizations target EU based entities, they will likely not stop the cyber-attacks or cyber-espionage activities for long. More information on this incident can be found at: https://www.bleepingcomputer.com/news/security/eu-sanctions-russian-espionage-unit-chinese-and-north-korean-firms/
The announcement of new sanctions by the EU can be found at: https://www.consilium.europa.eu/en/press/press-releases/2020/07/30/eu-imposes-the-first-ever-sanctions-against-cyber-attacks/