EU sanctions target nine people and four entities tied to Russia’s FSB over a 15-year cyberespionage and critical infrastructure sabotage campaign.
The European Union imposed sanctions on Monday targeting nine individuals and four entities linked to a Russian cyberespionage and sabotage operation that Brussels says has been running since 2010. The targets include Russian military intelligence officers, hackers, and private companies. ù
The European Council said the sanctioned actors helped Russia destabilize the EU and its partners. The cyberespionage campaign affected at least nine countries.
The European Council stopped short of publishing their names in its public statement, which is an unusual level of restraint for a sanctions announcement.
The sanctions focus on the FSB ‘s 16th Center, the signals intelligence division of Russia’s Federal Security Service.
“The EU focused its measures on the 16th Center of Russia’s Federal Security Service, or FSB. It said the FSB has been “controlling a variety of cyberthreat groups,” and said it “has conducted a wide range of malicious cyberactivities with growing severity.”” EU states.
Fifteen years of documented activity is a long time for a sanctions package to catch up with, but here we are.
The European Council named nine countries as confirmed targets: France, Germany, Poland, Cyprus, the Netherlands, Austria, Slovakia, Romania, and Finland, described as “among others.”
“The names of the individuals and entities — which usually companies, government agencies, banks or other organizations — were not listed on the statement.” reports the Associated Press. It said France, Germany, Poland, Cyprus, the Netherlands, Austria, Slovakia, Romania and Finland, “among others” have been targeted.”
The operations didn’t just involve stealing information. The EU explicitly accused the network of carrying out sabotage against critical infrastructure, including heating systems and power plants, alongside more conventional espionage against government targets.
Foreign Minister Jean-Noël Barrot said strategic infrastructure, ministries, businesses, and Poland’s railway network were targeted. France and Germany summoned the Russian ambassador, while the EU is preparing sanctions against nine individuals and four entities. Paris also highlighted the role of Viginum and ANSSI in countering cyber threats and foreign digital interference.
Barrot intends to summon the Russian ambassador in the coming days.
Poland’s railway infrastructure has been referenced in multiple European government warnings about Russian physical and digital sabotage operations over the past two years.
Monday’s action didn’t emerge from nowhere. In April, Sweden attributed a cyberattack on a heating plant to a pro-Russian group with links to Russian security and intelligence services. Around the same time, officials in Poland, Norway, Denmark, and Latvia were warning publicly that Russia was systematically attacking critical infrastructure across Europe. Several countries have also accused Russian-linked actors of attempting to interfere with their elections using a combination of cyberattacks and disinformation.
The formal attribution of a single coordinated network spanning at least nine countries and 15 years represents a deliberate escalation in how the EU is publicly framing Russia’s cyber operations. Whether sanctions against unnamed individuals and unlisted companies produce any practical deterrence is a different question, and one that European officials probably didn’t expect to answer favorably when they signed off on this package.
In January 2025, the European Union sanctioned three members of Russia’s GRU Unit 29155, Nikolay Korchagin, Vitaly Shevchenko, and Yuriy Denisov, for cyberattacks targeting Estonian government institutions in 2020. The operations enabled unauthorized access to ministries’ systems and the theft of thousands of confidential documents, including cybersecurity strategies and sensitive state information.
The EU highlighted the growing role of cyber operations as a tool of hybrid warfare and destabilization. The U.S. and allies have linked unit 29155 to global espionage, sabotage, and attacks targeting critical infrastructure across government, energy, finance, transport, and healthcare sectors.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, FSB)
