News recently broke that the European Union (EU) is imposing its first-ever sanctions related to cybercrime, against six individuals and three entities accused of conducting disruptive cyberattacks in Europe. Cybersecurity experts provide insight on this news below.
The European Union imposed sanctions against multiple people and organizations for their role in a number of cyberattacks and cyber espionage incidents. The sanctions are tied to the NotPetya and Ukraine blackout attacks carried out by the GRU as well as an act of cyber espionage that was attempted against the OPCW by that same organization. WannaCry was another global destructive event similar to the NotPetya incident that posed as ransomware, though it was carried out by North Korean actors. Cloud Hopper was a long-term, complex cyber-espionage operation that targeted managed service providers to gain access to third parties and was carried out by Chinese contractors working on behalf of the Ministry of State Security.
NotPetya and WannaCry were two of the most devastating cyberattacks in history, causing billions of dollars in damage and disrupting many vital systems, such as those belonging to the UK’s NHS. At least one victim of NotPetya has claimed 1.3 billion dollars in damage. The NotPetya attack was carried out by the GRU actors known as Sandworm, who had previously conducted two attacks on Ukraine’s grid. Those same actors attempted a destructive attack on the Pyeongchang Olympics, though no government statement has blamed the Russian government for its role in that incident.
The Cloud Hopper campaign was a complex intelligence collection operation that was meant to gather intelligence rather than disrupt systems. APT10 gained access to Managed Service Providers as a means to then target their customers – organizations that used those providers to host their IT. China and others continue this type of activity, moving upstream to telecommunications and IT providers where they can gain access to multiple organizations and individuals simultaneously.
The GRU was also behind an attempt to hack the OPCW’s Wi-Fi network by physically visiting their facilities in The Hague. That operation was disrupted, but the unit had been involved in similar operations in Switzerland, Brazil, and Malaysia which targeted the Olympics and other investigations involving Russia. The consistent use of physical human intelligence teams to supplement its intrusion efforts makes the GRU a particularly effective adversary. Sanctions may be particularly effective for disrupting this activity as they may hinder the free movement of this unit.
As the number of destructive cyberattacks continues to surge across the globe, nation-states are coming to an inflection point. The EU is now leveraging economic power to penalize countries that launch destructive attacks. The newly imposed sanctions issued by the EU set a precedent that the world should follow. Geopolitical tension is manifesting in cyberspace and destructive attacks have increased by 102% since last year, according to a recent report by VMware Carbon Black. With the ongoing cyberwarfare created by the multiplicity of malicious actors, it is time to leverage the power of policy to help prevent, discourage, and respond to cyber threats.