EU and UK blacklist Russian cyber operators

UK and EU authorities target Russian cyber operators and state-backed hackers with new financial sanctions to protect European infrastructure.

EU and UK blacklist Russian cyber operators - russian cyber operators
EU and UK blacklist Russian cyber operators

European Union and United Kingdom authorities imposed a coordinated set of financial sanctions on Friday targeting dozens of Russian individuals and organizations accused of cyberattacks on European infrastructure. The measures target a network of Russian intelligence operatives, private companies, and hackers linked to state-directed operations.

Targets include FSB cyber units

The United Kingdom sanctioned 24 individuals and entities, while the European Union restricted measures against nine people and four companies. The European Council stated that the sanctioned groups include self-proclaimed hacktivists and private firms operating under the direction or control of the Russian state. The Council condemned the “misuse” of this cyber ecosystem, which the UK Foreign Secretary described as sinking to “new lows” in its attempts to undermine European security.

According to the Council of the EU, the 16th Centre of Russia’s Federal Security Service (FSB) is responsible for directing multiple espionage and sabotage campaigns. This unit is accused of targeting government networks and critical infrastructure across several European nations, including Poland, France, Germany, Cyprus, the Netherlands, Austria, Slovakia, Romania, and Finland. The sanctions document highlights specific operations, including the targeting of combined heat and power plants in Poland.

Recent attacks on Polish infrastructure

On December 29, 2025, attackers targeted more than 30 wind and solar farms, a combined heat and power plant, and a manufacturing company in Poland. The malware used in the attack was previously unseen and designed for operational technology systems. Despite the scale of the intrusion, the operation failed to disrupt electricity generation or heat supply. More recently, Poland blocked a cyberattack targeting the IT infrastructure of the National Centre for Nuclear Research (NCBJ), the country’s leading nuclear research institute.

The UK government also focused sanctions on individuals associated with the Lumma Stealer, an information-stealing malware. Russian operatives have used credentials stolen by this malware to support espionage operations. The National Crime Agency estimated that at least 2,100 UK victims were affected by these credential thefts over the past six months. The EU High Representative for Foreign Affairs and Security Policy, Kaja Kallas, described the package as the EU’s largest-ever cyber sanctions designations since the 2022 invasion of Ukraine.

This latest round of restrictions follows another set of EU cyber sanctions imposed in March, which targeted companies from China and Iran and two individuals over attacks on member states. Separately, the National Security Agency (NSA) and its partners released guidance on protecting routers against cyber activity attributed to Russia’s FSB Center 16. Microsoft later released a fix for a flaw in its RoguePlanet Defender software that could have facilitated such operations.

Leave a Reply