The European Council has imposed sanctions against entities and individuals in China, Russia and North Korea known to have been involved in high-profile cyberattacks which hit logistics networks as well as automotive companies and banks.

The council enacted the measures against three entities and six individuals responsible for, or involved in, the incidents. These include the attempted cyberattack against the Organisation for the Prohibition of Chemical Weapons (OPCW) in 2018, the attacks known as WannaCry and NotPetya, which took place in 2017, and Operation Cloud Hopper, a widespread espionage plot by the Chinese hacker group APT10 reported to have started at least a decade ago.

The sanctions imposed on July 30 include travel bans and asset freezes. In addition, EU persons and entities are forbidden from making funds available to those blacklisted.

Entities sanctioned include Tianjin-based Huaying Haitai, a technology company, which was found to have supported and helped facilitate Operation Cloud Hopper, an elaborate campaign that saw a series of sustained attacks against tech giants, including IBM and HPE, and their customers.

Chosun Expo, based in North Korea, has been sanctioned for supporting the ransomware attack WannaCry, which disrupted information systems around the world, blocking access to data. WannaCry hit many global businesses, including carmakers Renault, Nissan and Honda, forcing plants offline. Chosun Expo has also been involved in cyber acts against the Polish Financial Supervision Authority and Sony, as well as cyber theft from the Bangladesh Bank and attempted cyber theft from the Tien Phong Bank (TP Bank) in Vietnam, finds the council.

The other entity sanctioned is the Main Centre for Special Technologies, part of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). It has been found responsible for the NotPetya malware attack that made data inaccessible across companies, including Danish shipping giant Maersk, which saw its operations completely dismantled.

Individuals sanctioned include Moscow-based GRU officers Alexey Minin, Aleksei Morenets, Evgenii Serebriakov and Oleg Sotnikov. They have all been linked to the failed OPCW attack, which saw them travel to the Netherlands to hack into the organisation’s Wi-Fi network and disrupt sensitive operations. Meanwhile, in China, Gao Qiang and Zhang Shilong, who were both involved in Operation Cloud Hopper and employed by Huaying Haitai, are also sanctioned.

“We are determined to prevent, discourage, deter and respond to malicious cyber activities,” a spokesperson for the council tells GTR. “Last week we did this for the first time. It was the outcome of thorough discussions in the relevant council working groups on the basis of an ‘evidence package’, as well as discussion and agreement on legal acts. This process requires time in order to ensure solidity of analysis and decision-making.”

The legal framework for sanctions against cyberattacks was adopted by the European Council in May 2019. With the decision to impose its first-ever cyber sanctions, the council “clearly signals” the likely consequences of malicious cyber behaviour, adds the spokesperson.


Code that cripples

Although cyberattacks can be used to extort money, they are increasingly being carried out to disrupt operations and cause serious harm to industries, as is often the case when it comes to government-sponsored acts. This can be particularly damaging to around-the-clock operations, including those linked to trade and logistics.

The NotPetya attack, which targeted Ukraine, saw malware placed in an upgrade to MeDoc, tax software widely used by accountants in the country. The aim of the hack was to cause maximum disruption to Ukraine’s public and private sectors. Indeed, the government, banks, state power company and transport systems were all affected. The radiation monitoring system at Chernobyl was also taken offline, meaning that workers were forced to manually measure radiation levels at the former nuclear plant.

While not the primary target, global trade also took a big hit as the computer virus spread, with Maersk’s operations grinding to a halt as the malware infected tens of thousands of its computers, costing the company hundreds of millions of dollars in damages. “This code was built to destroy, not extort,” Maersk’s head of technology Adam Banks told I-Cio in August 2019. “All companies that use the default software for submitting Ukrainian tax returns were compromised by the social engineering of a rogue employee.”

Aside from severe disruption and economic damage, attacks can be fatal if they target critical infrastructure such as chemical plants, water systems and the energy sector. The failed hack on Israel’s public water systems earlier this year, which reportedly attempted to raise chlorine levels in drinking water, could have seen hundreds of people fall seriously ill. Iran was pinpointed as the alleged perpetrator. Not long after, Iranian authorities confirmed a cyberattack on the country’s Shahid Rajaee port, a shipping terminal that lies on the Strait of Hormuz, a busy trade route between the Persian Gulf and the Gulf of Oman. Israel became the primary suspect.

“A cyberattack can leave a country crippled within seconds, affecting critical infrastructure, causing electricity blackouts or navigational disruptions for international air and maritime transport,” says the European Council spokesperson. “We see governments and political systems being destabilised through cyberattacks and electoral interference. Its effects can be significant and irreversible, harming millions of people and putting the security and stability of our societies at risk.”