BRUSSELS (Reuters) – The European Union on Thursday imposed travel and financial sanctions on a department of Russia’s military intelligence service and on firms from North Korea and China over their suspected participation in major cyberattacks across the world.
In its first ever sanctions related to cybercrime, the EU targeted the department for special technologies of the Russian military intelligence service, known as Main Directorate of the General Staff of the Armed Forces of the Russian Federation, it said in a statement.
The bloc accused the Russian service of having carried out two cyberattacks in June 2017, which hit several companies in Europe resulting in large financial losses. The service is also accused of two cyberattacks against Ukraine’s power grid in 2015 and 2016.
Four individuals working for the Russian military intelligence service were also sanctioned for allegedly participating in an attempted cyberattack against the Organisation for the Prohibition of Chemical Weapons (OPCW) in the Netherlands in April 2018.
North Korean company Chosun Expo was also sanctioned on suspicion of having supported the Lazarus Group, which is deemed responsible for a series of major attacks worldwide, including an $81 million heist against Bangladesh Bank’s account at the Federal Reserve Bank of New York in 2016, the world’s biggest cyber fraud.
The company is also allegedly linked to an attack against Hollywood film studio Sony Pictures to prevent the release of a satirical movie about North Korean leader Kim Jong-un in 2014.
The U.S. Treasury last year imposed sanctions on the Lazarus Group and two other North Korean hacking groups for their alleged participation in the attacks on Sony Pictures and the central bank of Bangladesh, among others. It said North Korea’s main intelligence service was behind the hacking groups.
North Korea has denied any involvement in cyberattacks.
The EU sanctions also hit Chinese firm Haitai Technology Development, which is accused of having supported cyberattacks – known as Operation Cloud Hopper – aimed at stealing commercially sensitive data from multinationals across the world. Two Chinese individuals allegedly involved in the attacks were also sanctioned.
Sanctions include travel bans and asset freezes. EU individuals, companies and other entities are forbidden from making funds available to those blacklisted.
China’s diplomatic mission to the European Union said in a statement early on Friday that China “is a staunch defender of network security and one of the biggest victims of hacker attacks.”
China wants global cyberspace security to be maintained through “dialogue and cooperation” and not by unilateral sanctions, the statement added.
(Reporting by Francesco Guarascio @fraguarascio; Additional reporting by Wang Jing and David Stanway in Shanghai; Editing by Mark Potter, Hugh Lawson and Lincoln Feast.)