EU sanctions Russian hackers over 2015 German parliament attack

Image: Tauno Tõhk

The Council of the European Union today announced sanctions imposed on Russian military intelligence officers part of the 85th Main Centre for Special Services (GTsSS) for their involvement in a 2015 hack of the German Federal Parliament (Deutscher Bundestag).

EU's sanctions include both travel bans and asset freezes and also block EU organizations and individuals from making fund transfers to sanctioned entities and individuals.

"Sanctions are one of the options available in the Union's framework for a joint diplomatic response to malicious cyber activities (the so-called cyber diplomacy toolbox), and are intended to prevent, discourage, deter and respond to continuing and increasing malicious behaviour in cyberspace," a press release published earlier reads.

German Chancellor also affected in the attack

Dmitry Sergeyevich Badin and Igor Olegovich Kostyukov are the two military intelligence officers sanctioned today, both of them known members of the GTsSS (an APT group also tracked as APT28, Fancy Bear, Sofacy Group, Sednit, and Strontium) which is also a target of today's restrictive measures imposed by the Council of the EU decision.

Kostyukov is also the current Head of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GU/GRU) after previously occupying the First Deputy Head position according to the same decision published today.

"In this capacity, Igor Kostyukov is responsible for cyber-attacks carried out by the GTsSS, including those with a significant effect constituting an external threat to the Union or its Member States," the Council explains.

Members of this elite Russian military hacking unit were also charged by the US for hacking the Democratic National Committee (DNC) and the Democratic Congressional Campaign Committee (DCCC) in 2016, before that year's Presidential Election.

The Deutscher Bundestag attack affected the parliament's operation for multiple days during April and May 15, leading to the compromise of several parliament members' email accounts.

"This cyber-attack targeted the parliament's information system and affected its ability to operate for several days," the Council of the EU adds.

"A significant amount of data was stolen and the email accounts of several members of parliament, including that of Chancellor Angela Merkel, were affected."

One-year-old legal framework

The legal framework that allowed these sanctions was established by the Council of the EU on May 17, 2019, and it was first used in July 2020 when the EU sanctions imposed on Unit 74455 of Russia's foreign military intelligence service, as well as on front companies for Chinese and North Korean hacking groups that orchestrated cyber-attacks targeting the EU and its member states.

The framework allows "the EU to impose targeted restrictive measures to deter and respond to cyber-attacks which constitute an external threat to the EU or its member states, including cyber-attacks against third States or international organisations where restricted measures are considered necessary to achieve the objectives of the Common Foreign and Security Policy (CFSP)."

It is also specifically designed to allow the EU to sanction persons and entities responsible for both attempted and successful cyber-attacks, if they are either involved or provide support to the individuals or the groups behind the attacks.

"The EU recognizes that cyberspace offers significant opportunities, but also presents continuously evolving challenges," the Council said.

"It is concerned at the rise of malicious behavior in cyberspace that aims at undermining the EU's integrity, security and economic competitiveness, with the eventual risk of conflict."