{
	"id": "3186b9b6-962b-4acc-a17f-b67aa7837d78",
	"created_at": "2026-04-06T00:06:40.6928Z",
	"updated_at": "2026-04-10T03:21:56.644958Z",
	"deleted_at": null,
	"sha1_hash": "ac79e8ea6afcb44a226434bfa14b45349ac0336a",
	"title": "Cyber-attacks: three individuals added to EU sanctions list for malicious cyber activities against Estonia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 53406,
	"plain_text": "Cyber-attacks: three individuals added to EU sanctions list for\r\nmalicious cyber activities against Estonia\r\nArchived: 2026-04-05 12:49:43 UTC\r\nCouncil of the EU\r\nPress release\r\n27 January 2025 17:04\r\nThe Council today adopted additional restrictive measures against three Russian individuals responsible for a\r\nseries of cyberattacks carried out against the Republic of Estonia in 2020. The individuals listed are officers of\r\nthe General Staff of the Armed Forces of the Russian Federation (GRU) Unit 29155.\r\nThe cyber-attacks granted attackers unauthorized access to non-public information and sensitive data\r\nstored within several government ministries. These included the Ministries of Economic Affairs and\r\nCommunications, and Social Affairs, leading to the theft of thousands of confidential documents. These\r\ndocuments included business secrets, health records, and other critical information compromising the security of\r\nthe affected institutions. Although the Ministry of Foreign Affairs was also targeted, no sensitive or non-public\r\ndata was accessed. Unit 29155 is also responsible for conducting cyber-attacks against other EU member states\r\nand partners, notably Ukraine.\r\nThe covert unit, known for its involvement in foreign assassinations and destabilisation activities such as\r\nbombings and cyber-attacks across Europe, and some of its military personnel active in Ukraine, Western Europe\r\nand Africa, was also sanctioned last year under the new sanction regime in view of Russia’s destabilising\r\nactivities.\r\nWith today’s listings, the EU horizontal cyber sanctions regime now applies to 17 individuals and 4 entities. It\r\nincludes an asset freeze and a travel ban, and the prohibition for EU persons and entities to make funds available\r\nto those listed.\r\nThis decision confirms the willingness of the EU and its member states to provide a strong and sustained response\r\nto persistent malicious cyber activities targeting the EU, its member states and partners.\r\nThe EU and its member states will continue to cooperate with our international partners to promote an open, free,\r\nstable and secure cyberspace.\r\nThe relevant legal acts have been published in the Official Journal of the European Union.\r\nBackground\r\nIn June 2017, the EU established a Framework for a Joint EU Diplomatic Response to Malicious Cyber Activities\r\n(the \"Cyber Diplomacy Toolbox\"). The framework allows the EU and its member states to use all CFSP measures,\r\nhttps://www.consilium.europa.eu/en/press/press-releases/2025/01/27/cyber-attacks-three-individuals-added-to-eu-sanctions-list-for-malicious-cyber-activities-against-estonia/\r\nPage 1 of 2\n\nincluding restrictive measures if necessary, to prevent, discourage, deter and respond to malicious cyber activities\r\ntargeting the integrity and security of the EU and its member states.\r\nThe EU framework for restrictive measures against cyber-attacks threatening the EU and its member states was set\r\nup in May 2019.\r\nOn May 21st, 2024, the Council approved conclusions on the future of cybersecurity aiming to provide guidance\r\nand setting the principles towards building a more cyber secure and more resilient EU.On June 24, 2024, the\r\nEuropean Union added six individuals to its sanctions list due to their involvement in malicious cyber activities,\r\nspecifically cyberattacks targeting EU member states and Ukraine. These individuals were linked to harmful\r\nactions that threatened the security and stability of the region. The sanctions include asset freezes and travel bans.\r\nIn parallel, on October 8th, 2024, the Council established a new framework for restrictive measures in response to\r\nRussia’s destabilising actions abroad. This framework allows the EU to target individuals and entities engaged in\r\nactions and policies, including cyber-attacks, by the government of the Russian Federation, which undermine the\r\nfundamental values of the EU and its member states, their security, independence and integrity, as well as those of\r\ninternational organisations and third countries.\r\nIn its most recent conclusions of 19 December 2024, the European Council strongly condemned Russia’s hybrid\r\ncampaign, including sabotage, disruption of critical infrastructure, cyber-attacks, information manipulation and\r\ninterference, and attempts to undermine democracy, including in the electoral process, against the European Union\r\nand its member states.\r\nCouncil Decision (CFSP) 2025/171 of 27 January 2025 amending Decision (CFSP) 2019/797 concerning\r\nrestrictive measures against cyber-attacks threatening the Union or its Member States (including the details\r\nof the individuals sanctioned today)\r\nCouncil Implementing Regulation (EU) 2025/173 of 27 January 2025 implementing Regulation (EU)\r\n2019/796 concerning restrictive measures against cyber-attacks threatening the Union or its Member States\r\n(including the details of the individuals sanctioned today)\r\nEuropean Council Conclusions (19 December 2024)\r\nCybersecurity: Council approves conclusions for a more cyber secure and resilient Union (press release, 21\r\nMay 2024)\r\nCybersecurity: How the EU tackles Cyber Threads (background information)\r\nCouncil Decision (CFSP) 2019/797 of 17 May 2019 concerning restrictive measures against cyber-attacks\r\nthreatening the Union or its Member States (consolidated text dated 24 June 2024)\r\nVisit the meeting page\r\nLast review: 7 April 2025\r\nSource: https://www.consilium.europa.eu/en/press/press-releases/2025/01/27/cyber-attacks-three-individuals-added-to-eu-sanctions-list-for-ma\r\nlicious-cyber-activities-against-estonia/\r\nhttps://www.consilium.europa.eu/en/press/press-releases/2025/01/27/cyber-attacks-three-individuals-added-to-eu-sanctions-list-for-malicious-cyber-activities-against-estonia/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.consilium.europa.eu/en/press/press-releases/2025/01/27/cyber-attacks-three-individuals-added-to-eu-sanctions-list-for-malicious-cyber-activities-against-estonia/"
	],
	"report_names": [
		"cyber-attacks-three-individuals-added-to-eu-sanctions-list-for-malicious-cyber-activities-against-estonia"
	],
	"threat_actors": [],
	"ts_created_at": 1775434000,
	"ts_updated_at": 1775791316,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/ac79e8ea6afcb44a226434bfa14b45349ac0336a.pdf",
		"text": "https://archive.orkl.eu/ac79e8ea6afcb44a226434bfa14b45349ac0336a.txt",
		"img": "https://archive.orkl.eu/ac79e8ea6afcb44a226434bfa14b45349ac0336a.jpg"
	}
}