The European Union today imposed sanctions on three Russian military intelligence officers for their involvement in a series of cyberattacks targeting Estonian government agencies in 2020.
The individuals, identified as Nikolay Alexandrovich Korchagin, Vitaly Shevchenko, and Yuriy Fedorovich Denisov, are members of Russia’s General Staff of the Armed Forces (GRU) Unit 29155.
This covert unit is notorious for its disrupting activities, including cyber espionage, sabotage, and crimes across Europe.
Three Russian Hackers Sanctioned
The attacks orchestrated by Unit 29155 breached the computer systems of several Estonian ministries, including Economic Affairs and Communications, Social Affairs, and Foreign Affairs.
The perpetrators gained unauthorized access to classified information and sensitive data, stealing thousands of confidential documents. These included business secrets, health records, and other critical information that compromised the security of Estonia’s government institutions.
The EU Council stated that the attacks were aimed at gathering intelligence on Estonia’s cybersecurity policies and disrupting governmental operations.
Are you from SOC/DFIR Teams? – Analyse Malware Files & Links with ANY.RUN Sandox -> Try for Free
The stolen data posed significant risks to national security and highlighted the evolving threat landscape of state-sponsored cyber-espionage.
Unit 29155 has been linked to numerous cyberattacks targeting NATO members, EU states, and other global entities.
Known in the cybersecurity community under aliases such as “Cadet Blizzard” and “Ember Bear,” the group has conducted operations ranging from phishing campaigns to deploying malware like backdoors and information stealers.
Since early 2022, the unit has focused on disrupting aid efforts to Ukraine amidst the ongoing conflict.
Beyond cyberattacks, Unit 29155 has been implicated in destabilization campaigns involving sabotage and assassinations. The group’s activities underscore its role as a key tool in Russia’s hybrid warfare strategy.
EU Sanctions Framework
The sanctions were enacted under the EU’s cyber sanctions regime established in 2019. With these latest additions, a total of 17 individuals and four entities are now subject to the EU’s cyber sanctions regime.
The decision reflects the EU’s commitment to countering malicious cyber activities that threaten its security and stability.
Josep Borrell, High Representative for Foreign Affairs and Security Policy, emphasized that such measures send a clear message: “Cyberattacks targeting EU member states will not go unpunished.”
The sanctions also align with the “Cyber Diplomacy Toolbox,” a framework adopted in 2017 to guide joint responses to cyber threats. This toolbox enables coordinated actions such as diplomatic protests, public attributions, and restrictive measures against perpetrators.
As state-sponsored cyber threats grow more sophisticated, international cooperation remains critical.
The EU’s actions against GRU Unit 29155 highlight its resolve to safeguard cyberspace while holding malicious actors accountable. With this move, Europe continues to bolster its cybersecurity resilience amid escalating geopolitical tensions.
Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar
