UK and EU impose sanctions on GRU chief in response to German parliament hack

The UK has strongly supported the European Council's decision to impose a travel ban and an asset freeze on two operatives of Russia's GRU as well as on hacker group Fancy Bear or APT28 for conducting a cyber attack on Germany’s Parliament in 2015.

On Thursday, the European Council announced the imposition of a travel ban and an asset freeze on Admiral Igor Kostyukov, the head of the Main Directorate of the General Staff of Russia's armed forces and Dmitry Badin, a military intelligence officer attached to the Russian army's 85th Main Centre for Special Services, also known as GTsSS.

According to the Council, Admiral Kostyukov commanded the GTsSS, also known as the GRU's military unit 26165 and more popularly, APT28, Fancy Bear, Pawn Storm, and Strontium, when the unit conducted cyber attacks targeting the German Parliament between April and May 2015.

"The cyber-attack against the German federal parliament targeted the parliament’s information system and affected its operation for several days. A significant amount of data was stolen and email accounts of several MPs as well as of Chancellor Angela Merkel were affected," the Council said.

Admiral Kostyukov was the deputy head of GRU (the Russian General Staff's Main Intelligence Department) when the cyber attacks took place and was later promoted as Acting Director of GRU in 2018. Aside from facing a travel ban and an asset freeze in the EU, he also finds a place in the United States' sanctions list for interfering in the 2016 US presidential elections.

As a member of GTsSS, Dmitry Badin was also part of a team of Russian military intelligence officers who carried out the cyber attacks targeting the German Parliament in 2015. He is also a wanted man in the United States for attempting to influence the outcome of the 2016 US presidential elections and for targeting the servers of the World Anti-Doping Agency.

Earlier today, the UK welcomed the decision of the European Council to sanction Fancy Bear as well as Admiral Kostyukov and Badin, stating that it will also impose asset freezes and travel bans against two Russian GRU officers and members of Fancy Bear who were responsible for the 2015 cyber attacks on Germany’s Parliament.

"The UK stands shoulder to shoulder with Germany and our European partners to hold Russia to account for cyber attacks designed to undermine Western democracies. This criminal behaviour brings the Russian Government into further disrepute," said Foreign Secretary Dominic Raab.

"The UK was at the forefront of efforts to establish the EU Cyber Sanctions regime and will implement our own autonomous Cyber Sanctions regime at the end of the Transition Period. We are committed to working with our international partners to enforce responsible behaviours and promote international security and stability in cyberspace.

"The UK has laid the statutory instrument for our cyber sanctions regime, which will allow us to impose travel bans and asset freezes on individuals and organisations," the Foreign, Commonwealth & Development Office said in a press release. The National Cyber Security Centre also welcomed the European Council's decision.

“We fully support these sanctions, which send a strong message that there will be consequences for those who target us or our allies in cyberspace. We will continue to work closely with our allies to counter malicious cyber activity from the GRU and others who would seek to do us harm,” said NCSC Director of Operations Paul Chichester.

Earlier this week, Foreign Secretary Dominic Raab said the GRU’s Main Centre for Specialist Technologies (GTsST), also known as Sandworm and VoodooBear, targeted the 2018 Winter Games hosted by South Korea as well as the 2020 Tokyo Olympics.

His statement was based on the NCSC's assessment that GRU targeted the opening ceremony of the 2018 Winter Games by disguising itself as North Korean and Chinese hackers and attempted to sabotage the Winter Olympic and Paralympic Games by deploying malware designed to wipe data from and disable computers and networks.

On Monday, a federal grand jury in the US also indicted six members of Unit 74455 of Russia's GRU for multiple counts that included the use of cyber operations to destabilize Ukraine and Georgia, to retaliate against accusations of Russia using a weapons-grade nerve agent on foreign soil, to target elections in France, and to disrupt the 2018 PyeongChang Winter Olympic Games.

The six hackers were indicted for using highly destructive malware such as KillDisk and Industroyer to inflict a series of blackouts in Ukraine, for using the NotPetya malware that caused nearly $1 billion in losses to affected organisations, and for using the Olympic Destroyer malware to disrupt thousands of computers used to support the 2018 PyeongChang Winter Olympics.

MORE ABOUT: