The European Union and the United Kingdom imposed their first joint cyber sanctions package on Monday, targeting 24 Russian individuals and entities behind a 15-year campaign of espionage, infrastructure sabotage and election interference across Europe.
The sanctions hit senior officers in Russia's military intelligence agency, the GRU, and the Federal Security Service's Center 16 — the unit behind a failed December attack on Poland's power grid that could have cut electricity to 500,000 citizens in winter, according to the UK Foreign Office. France confirmed it had been targeted repeatedly since at least 2017, with intrusions reaching the defense and foreign affairs ministries.
"These sanctions strike at the core of the cyber criminal networks propping up the Russian state's aggression," UK Foreign Secretary Yvette Cooper said in a statement. "The UK and EU are sending a clear message that Russia cannot hide behind its use of these proxy groups."
The UK sanctioned 24 individuals and entities, including three GRU Unit 29155 officers — Aleksandr Shepelev, Dmitriy Voronov and Roman Puntus — who directed cyber and hybrid threat operations from the same unit linked to the 2018 Skripal poisoning in Salisbury, England. The EU separately imposed asset freezes and travel bans on nine individuals and four entities tied to FSB Center 16, which the bloc said has conducted malicious cyber activities affecting at least nine European countries since 2010.
The coordinated action brings the total number of individuals and entities the UK has sanctioned in connection with Russia's war in Ukraine to more than 3,400. Germany and France both summoned the Russian ambassador in response, with Berlin stating that cyberattacks against EU partners "would be met decisively, including with additional sanctions."
The Kremlin's cyber recruitment pipeline
Among the most novel targets was OOO IMPULS, a Russian company the UK alleges the GRU's Unit 29155 used to recruit hackers and cyber specialists from universities across Russia. The sanctions also named three GRU senior leadership figures — Vyacheslav Stafeyev, Ivan Senin and Ivan Kasyanenko — for directing the operations, marking a shift toward targeting the managers rather than only the operators.
The UK also sanctioned individuals behind Lumma Stealer, a malware-as-a-service platform that collects sensitive information from compromised devices. The National Crime Agency identified at least 2,100 Lumma Stealer victims in the UK over the past six months alone, and the UK government said Russia has used the stolen credentials to conduct cyber espionage operations globally.
Ten individuals linked to Rybar LLC, a state-resourced media company, were sanctioned for spreading false narratives about Ukraine and interfering in elections in Moldova and Armenia. The company uses AI-driven content and fake investigations to shape narratives in the Kremlin's favor, the UK said, and receives funding from Russian state corporation Rostec.
Market implications and the cost of inaction
The sanctions add to an already elevated geopolitical risk premium in European markets. Defense and cybersecurity stocks have gained on expectations of increased government spending, while the broader risk-off sentiment has pushed investors toward safe-haven assets. The last time the EU and UK coordinated sanctions on this scale — targeting Russia's energy sector in 2022 — European gas prices surged more than 30% within a week, though the current cyber-focused measures are unlikely to trigger comparable commodity moves.
The joint advisory from 18 agencies across 12 countries, released alongside the sanctions, warned that FSB Center 16 continues to exploit weakly protected routers and networking equipment to access critical infrastructure networks worldwide. The most common method involves scanning for exposed SNMP services that accept factory-default or easily guessed passwords — a vulnerability that security teams have known about for more than a decade.
"Every time we see a large nation-state campaign, there's a temptation to focus on the newest exploit or the most sophisticated technique," said John Strand, owner of Black Hills Information Security. "Attackers are succeeding because too many organizations still struggle with the fundamentals of computer security."
The EU is weighing a 21st sanctions package against Moscow, with the bloc's foreign policy chief indicating additional names may be added to the list. The coalition of the willing — a group of mainly European nations backing Ukraine — is set to meet President Volodymyr Zelensky in Paris on Monday evening, where further security commitments are expected to be discussed.
This article is for informational purposes only and does not constitute investment advice.