BRUSSELS — The European Union has imposed sanctions on three Russian individuals linked to a series of cyberattacks against Estonia in 2020, the EU Council announced Monday.
The individuals, identified as officers of the General Staff of the Russian Armed Forces (GRU) Unit 29155, allegedly orchestrated the attacks that compromised classified information and sensitive data from several Estonian government ministries, including Economic Affairs and Communications, Social Affairs, and Foreign Affairs.
“These attacks represent a grave threat to the integrity and security of EU institutions and member states,” the EU Council stated. “By targeting sensitive government information, the perpetrators jeopardized the trust and resilience of public institutions.”
Unit 29155, a covert GRU division implicated in cyber-attacks, assassinations, and destabilization activities across Europe, is also accused of targeting Ukraine and other EU member states.
The sanctioned individuals face travel bans, asset freezes, and restrictions on access to EU resources. The latest additions bring the total under the EU cyber sanctions regime to 17 individuals and four entities.
Estonian officials welcomed the move, with Minister of Foreign Affairs Margus Tsahkna calling it “a vital step toward accountability and a clear message that malicious cyber activities will not go unanswered.”
The EU reaffirmed its commitment to promoting a secure and stable cyberspace, emphasizing the importance of international cooperation in countering cyber threats.
“This decision underscores the EU’s resolve to counter persistent hybrid threats and protect our democratic institutions and critical infrastructure,” the statement added.
The sanctions align with the EU’s broader Cyber Diplomacy Toolbox, established in 2017 to deter and respond to malicious cyber activities, and the restrictive measures framework implemented in 2019.
The full legal acts concerning the sanctions have been published in the Official Journal of the European Union.