The European Union has imposed additional sanctions on three Russian nationals for their alleged roles in cyberattacks that compromised classified and sensitive information.
According to the Council of the European Union, the individuals are officers attached to Unit 29155 of the General Staff of the Armed Forces of the Russian Federation (GRU). The Council statement said: “The individuals listed are officers of the General Staff of the Armed Forces of the Russian Federation (GRU) Unit 29155.”
Unit 29155 is widely reported to be involved in offensive cyber operations as well as covert actions beyond cyberspace, including activities described as destabilising operations and targeted sabotage.
The sanctions follow a series of cyber intrusions in 2020 that gained unauthorised access to sensitive data across several key Estonian government ministries, including Economic Affairs and Communications, Social Affairs, and Foreign Affairs. Thousands of private documents were taken—ranging from commercial records to health files—undermining the operational security of the affected institutions.
The EU noted that Unit 29155 has been linked to similar operations targeting other EU member states and allied countries, with Ukraine frequently singled out as a target. Military intelligence personnel associated with the unit are believed to operate in conflict zones and areas of strategic interest across Western Europe, Africa, and Ukraine.
EU expands its cyber sanctions framework
With this update, the EU’s horizontal cyber sanctions regime now targets 17 individuals and four entities. The measures include travel bans and asset freezes for those listed, along with prohibitions on EU citizens and companies providing funds or economic resources to them.
The Council reiterated the bloc’s commitment to defend its digital environment against persistent and malicious cyber threats. “This decision confirms the willingness of the EU and its member states to provide a strong and sustained response to persistent malicious cyber activities targeting the EU, its member states, and partners,” the statement said.
The legal acts enforcing the new listings have been published in the Official Journal of the EU.
Cybersecurity and cyber deterrence have been priorities for the EU amid rising threats from state and non-state actors. In 2017 the bloc introduced the “Cyber Diplomacy Toolbox,” a framework allowing member states to coordinate responses to cyber incidents. That initiative established a basis for applying targeted restrictive measures.
In 2019 the EU formalised a sanctions framework to respond to cyberattacks that threaten the security and integrity of member states. This framework enables measures ranging from travel bans and financial restrictions to broader diplomatic responses against malicious actors.
Mounting concerns about cyber threats led the Council to adopt conclusions on 21 May 2024 aimed at strengthening EU resilience. On 24 June 2024, six additional individuals were added to the sanctions list in connection with cyber operations affecting EU member states and Ukraine.
In October 2024 the EU established a specific framework to respond to destabilising actions attributed to Russia, enhancing the bloc’s ability to counter disruptive measures that threaten international stability and democratic processes.
The EU has taken a firm stance against what it characterises as Russia’s hybrid warfare tactics, including cyberattacks, sabotage of critical infrastructure, and disinformation campaigns. In its most recent conclusions on 19 December 2024, the European Council strongly condemned actions perceived as attempts to undermine democratic institutions within member states.
This latest round of sanctions highlights the growing tensions between the EU and Russia over cyber activities and signals a clear warning to actors who use cyberspace to pursue malicious objectives.
As the EU strengthens its digital defences, it is urging international partners to continue collaborative efforts to protect a secure and resilient cyberspace.
See also: Malware targets enterprise-grade Juniper routers
Want to learn more about cybersecurity and cloud technology from industry experts? Consider events such as Cyber Security & Cloud Expo, which bring together professionals and leaders to discuss cloud security, cyber resilience, and related technologies.
Explore other upcoming enterprise technology events and webinars powered by TechForge.