EU imposes sanctions on GRU officers over ‘Fancy Bear’ cyberattacks
The Council of the European Union has imposed sanctions on two Russian citizens and a military intelligence center due to cyberattacks targeting Germany’s parliament in 2015 and the Organization for the Prohibition of Chemical Weapons (OPCW) in 2018. This was announced in the latest volume of the Official Journal of the European Union. The United Kingdom announced plans to enforce these sanctions, as well.
The sanctions were imposed upon:
- Igor Kostyukov, Head of the Main Directorate of the General Staff of Russia’s Armed Forces (the GU/GRU)
- Dmitry Badin, GRU officer
- The 85th Main Center for Special Services (GtsSS) of the GRU, also known as “military unit 26165” (codenamed “Fancy Bear”)
“Fancy Bear” is a group of hackers, also known by the codenames APT28 and Strontium. Former special counsel for the U.S. Justice Department Robert Mueller, who was leading the investigation into Russian interference in the 2016 American presidential elections, previously spoke about the group’s connection to Russia’s GRU. The group was accused of hacking the servers of the Democratic National Committee (DNC) and the email of former U.S. State Secretary Hillary Clinton. According to Microsoft, the hackers tried to attack voters in the United States ahead of the midterm elections in 2018, and they targeted 16 national and international sports and anti-doping organizations in September 2019.
Those included on the sanctions list are banned from entering the EU and the UK. Their assets in the EU and the UK have also been frozen.
According to the EU, Igor Kostyukov is responsible for a number of cyberattacks carried out by GRU unit 26165 and Dmitry Badin was involved in the cyberattack on the German parliament (the Bundestag) as an officer in this unit. The EU stated that the GRU hackers attacked Germany’s parliament in April–May 2015 and stole a significant amount of data. Their actions also affected the email accounts of several lawmakers and Chancellor Angela Merkel. The attack affected the operations of the parliament’s information system for several days.
Germany’s Attorney General had called for the arrest of Dmitry Badin in connection with the cyberattack on the Bundestag previously, the German newspaper Suddeutsche Zeitung reported back in May. German prosecutors actually identified two hackers involved in the attacks, but were only able to gather sufficient evidence on Badin.
In 2018, the U.S. accused Badin of coordinating the actions of GRU officers who were involved in interfering in the 2016 presidential elections. He was also charged with hacking the computer systems of the World Anti-Doping Agency, FIFA, World Athletics, and other international organizations.
The EU also holds Kostyukov responsible for an attempted cyberattack aimed at hacking into the OPCW’s Wi-Fi network in the Netherlands in April 2018.
This is the second time the EU has announced sanctions on GRU Head Igor Kostyukov. Brussels imposed sanctions against him in 2019 over the 2018 Novichok poisoning of ex-GRU colonel Sergey Skripal and his daughter Yulia.
Text by Alexander Baklanov
Translation by Eilish Hart