Tuesday

26th Oct 2021

First use of new EU sanctions against Russia, China hackers

  • Ghostwriter campaign was 'aligned' with Russian interests, Mandiant Solutions said (Photo: ec.europa.eu)

The EU has imposed new-model sanctions on Russian and Chinese cybercriminals, but fresh revelations of Russia-linked media-hacking indicate it might need to go further.

The EU asset-freezes and visa bans, imposed Thursday (30 July), targeted four officers from Russia's military intelligence service, the General Staff of the Armed Forces of the Russian Federation (GRU), as well as the GRU's Moscow-based tech branch, the Main Centre for Special Technologies (GTST).

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

  • 'Such behaviour ... undermines international security and stability,' EU foreign affairs chief Josep Borrell said (Photo: European Union)

The EU named the four men and published their passport numbers and places of birth, saying they were guilty of trying to hack an international institute, the Organisation for the Prohibition of Chemical Weapons, in The Hague, in 2018.

It said the GTST attacked several EU companies with "ransomware" in 2017 "blocking access to data [and] resulting ... in significant economic loss".

It also said the GRU offshoot tried to take down Ukraine's electricity grid in the winter of 2015/2016.

The EU blacklists were the first time Europe used new legal measures, created last year, which target individuals and entities, instead of states, on cybercrime.

The EU has also created quick-fire sanctions to target individuals guilty of using chemical weapons and is working on similar measures, due in autumn, to target human rights abusers worldwide.

Thursday's measures also named two Chinese men and a Chinese company, Haitai Technology Development, who, the EU said, tried to steal commercially-sensitive secrets from Western multinational firms.

And they named a North Korean company, Chosun Expo, for attacks on Polish financial sector regulator, the Polish Financial Supervision Authority, as well as US firm Sony Pictures, and banks in Asia and the US.

"Such behaviour is unacceptable as it undermines international security and stability," EU foreign affairs chief Josep Borrell said.

Russia and North Korea did not immediately comment.

But the Chinese EU embassy in Brussels said it was "a staunch defender of network security and one of the biggest victims of hacker attacks", in a statement to the Reuters news agency.

Cyberspace should be kept safe via "dialogue and cooperation", instead of sanctions, it added.

The EU's counter-GRU sanctions came the same day a California-based internet security firm, Mandiant Solutions, also pointed at Moscow for hacking news websites in Europe.

The firm had "moderate confidence", it said, that 14 anti-Nato disinformation attacks between March 2017 and May this year came out of Russia.

The incidents were "part of a larger, concerted, and ongoing influence campaign" which was "aligned with Russian security interests", it said.

'Ghostwriter'

It called the campaign "Ghostwriter" because the hackers broke into news websites in the Baltic countries and Poland to insert fake stories on their webpages.

In one example, in September last year, Ghostwriter hacked Lithuanian website kaunas.kasvyksta.lt and inserted a fake article saying German Nato troops in the country had desecrated a Jewish cemetery.

It also created photoshopped images of the cemetery as purported evidence accompanying the article.

In a second example, in May this year, it compromised seven Polish regional news websites with fake quotes from a US general ridiculing Polish armed forces.

Ghostwriter also published bogus content that Nato soldiers were spreading coronavirus in the region, raping people, and running over children in armoured cars

And it used fake online personas to send links to the fake stories to other media.

Borrell's diplomatic service has a special cell for debunking Russian propaganda.

But the EU has no counter-propaganda sanctions on the cybercrime, chemical weapons, or human rights model.

"Ghostwriter is already targeting the West, but the methods associated with it will be seen more and more in Europe and the US as a means to alter perception there," Mandiant Solutions tech expert John Hultquist said in a statement.

"The method of hacking media sites to push fabricated narratives is a powerful one," he added.

Opinion

Why Russia politics threaten European security

Russia could expand hostile operations, such as poisonings, including beyond its borders, if it feels an "existential" threat and there is no European pushback.

Analysis

Ten years on from Tahrir: EU's massive missed opportunity

Investing in the Arab world, in a smart way, is also investing in the European Union's future itself. Let's hope that the disasters of the last decade help to shape the neighbourhood policy of the next 10 years.

Stakeholders' Highlights

  1. Nordic Council of MinistersNew report reveals bad environmental habits
  2. Nordic Council of MinistersImproving the integration of young refugees
  3. Nordic Council of MinistersNATO Secretary General guest at the Session of the Nordic Council
  4. Nordic Council of MinistersCan you love whoever you want in care homes?
  5. Nordic Council of MinistersNineteen demands by Nordic young people to save biodiversity
  6. Nordic Council of MinistersSustainable public procurement is an effective way to achieve global goals

Latest News

  1. How to break the political deadlock on migration
  2. Hedegaard on the hazards of stalling climate action
  3. Belarus exiles in EU fear regime-linked murderers
  4. No place for Polish 'war' rhetoric, Commission says
  5. Nine countries oppose EU gas market reform
  6. EU-UK impasse on top court in post-Brexit customs talks
  7. Erdoğan orders out US and EU ambassadors
  8. EU banks play 'major role' in deforestation, report finds

Join EUobserver

Support quality EU news

Join us