{
	"id": "5bfed4da-8c7f-4032-ae11-7ed01f969823",
	"created_at": "2026-04-06T00:16:18.475684Z",
	"updated_at": "2026-04-10T03:32:39.25011Z",
	"deleted_at": null,
	"sha1_hash": "f7b809d4dd2785a948b01aa5ffa03b2c5996d225",
	"title": "EU imposes the first ever sanctions against cyber-attacks",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 41067,
	"plain_text": "EU imposes the first ever sanctions against cyber-attacks\r\nArchived: 2026-04-05 19:45:14 UTC\r\nCouncil of the EU\r\nPress release\r\n30 July 2020 16:28\r\nThe Council today decided to impose restrictive measures against six individuals and three entities responsible\r\nfor or involved in various cyber-attacks. These include the attempted cyber-attack against the OPCW\r\n(Organisation for the Prohibition of Chemical Weapons) and those publicly known as 'WannaCry', 'NotPetya',\r\nand 'Operation Cloud Hopper'.\r\nThe sanctions imposed include a travel ban and an asset freeze. In addition, EU persons and entities are\r\nforbidden from making funds available to those listed.\r\nSanctions are one of the options available in the EU’s cyber diplomacy toolbox to prevent, deter and respond to\r\nmalicious cyber activities directed against the EU or its member states, and today is the first time the EU has\r\nused this tool. The legal framework for targeted restrictive measures against cyber-attacks was adopted in May\r\n2019 and recently renewed.\r\nBackground\r\nIn recent years, the EU has scaled up its resilience and its ability to prevent, discourage, deter and respond to\r\ncyber threats and malicious cyber activities in order to safeguard European security and interests.\r\nIn June 2017, the EU stepped up its response by establishing a Framework for a Joint EU Diplomatic Response to\r\nMalicious Cyber Activities (the \"cyber diplomacy toolbox\"). The framework allows the EU and its member\r\nstates to use all CFSP measures, including restrictive measures if necessary, to prevent, discourage, deter and\r\nrespond to malicious cyber activities targeting the integrity and security of the EU and its member states.\r\nTargeted restrictive measures have a deterrent and dissuasive effect and should be distinguished from attribution\r\nof responsibility to a third state.\r\nThe EU remains committed to a global, open, stable, peaceful and secure cyberspace and therefore reiterates the\r\nneed to strengthen international cooperation in order to promote the rules-based order in this area.\r\nCouncil decision concerning restrictive measures against cyber-attacks threatening the Union or its\r\nmember states, 30 July 2020\r\nCouncil implementing regulation concerning restrictive measures against cyber-attacks threatening the\r\nUnion or its member states, 30 July 2020\r\nDeclaration by the High Representative Josep Borrell on behalf of the EU: European Union response to\r\npromote international security and stability in cyberspace, 30 July 2020\r\nDeclaration by the High Representative on malicious cyber activities, 30 April 2020\r\nhttps://www.consilium.europa.eu/en/press/press-releases/2020/07/30/eu-imposes-the-first-ever-sanctions-against-cyber-attacks/\r\nPage 1 of 2\n\nCouncil establishes framework for sanctions (press release, 17 May 2019)\r\nCyber diplomacy toolbox (press release, 19 June 2017)\r\nLast review: 14 January 2024\r\nSource: https://www.consilium.europa.eu/en/press/press-releases/2020/07/30/eu-imposes-the-first-ever-sanctions-against-cyber-attacks/\r\nhttps://www.consilium.europa.eu/en/press/press-releases/2020/07/30/eu-imposes-the-first-ever-sanctions-against-cyber-attacks/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.consilium.europa.eu/en/press/press-releases/2020/07/30/eu-imposes-the-first-ever-sanctions-against-cyber-attacks/"
	],
	"report_names": [
		"eu-imposes-the-first-ever-sanctions-against-cyber-attacks"
	],
	"threat_actors": [
		{
			"id": "ec14074c-8517-40e1-b4d7-3897f1254487",
			"created_at": "2023-01-06T13:46:38.300905Z",
			"updated_at": "2026-04-10T02:00:02.918468Z",
			"deleted_at": null,
			"main_name": "APT10",
			"aliases": [
				"Red Apollo",
				"HOGFISH",
				"BRONZE RIVERSIDE",
				"G0045",
				"TA429",
				"Purple Typhoon",
				"STONE PANDA",
				"Menupass Team",
				"happyyongzi",
				"CVNX",
				"Cloud Hopper",
				"ATK41",
				"Granite Taurus",
				"POTASSIUM"
			],
			"source_name": "MISPGALAXY:APT10",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "04b07437-41bb-4126-bcbb-def16f19d7c6",
			"created_at": "2022-10-25T16:07:24.232628Z",
			"updated_at": "2026-04-10T02:00:04.906097Z",
			"deleted_at": null,
			"main_name": "Stone Panda",
			"aliases": [
				"APT 10",
				"ATK 41",
				"Bronze Riverside",
				"CTG-5938",
				"CVNX",
				"Cuckoo Spear",
				"Earth Kasha",
				"G0045",
				"G0093",
				"Granite Taurus",
				"Happyyongzi",
				"Hogfish",
				"ITG01",
				"Operation A41APT",
				"Operation Cache Panda",
				"Operation ChessMaster",
				"Operation Cloud Hopper",
				"Operation Cuckoo Spear",
				"Operation New Battle",
				"Operation Soft Cell",
				"Operation TradeSecret",
				"Potassium",
				"Purple Typhoon",
				"Red Apollo",
				"Stone Panda",
				"TA429",
				"menuPass",
				"menuPass Team"
			],
			"source_name": "ETDA:Stone Panda",
			"tools": [
				"Agent.dhwf",
				"Agentemis",
				"Anel",
				"AngryRebel",
				"BKDR_EVILOGE",
				"BKDR_HGDER",
				"BKDR_NVICM",
				"BUGJUICE",
				"CHINACHOPPER",
				"ChChes",
				"China Chopper",
				"Chymine",
				"CinaRAT",
				"Cobalt Strike",
				"CobaltStrike",
				"DARKTOWN",
				"DESLoader",
				"DILLJUICE",
				"DILLWEED",
				"Darkmoon",
				"DelfsCake",
				"Derusbi",
				"Destroy RAT",
				"DestroyRAT",
				"Ecipekac",
				"Emdivi",
				"EvilGrab",
				"EvilGrab RAT",
				"FYAnti",
				"Farfli",
				"Gen:Trojan.Heur.PT",
				"Gh0st RAT",
				"Ghost RAT",
				"GreetCake",
				"HAYMAKER",
				"HEAVYHAND",
				"HEAVYPOT",
				"HTran",
				"HUC Packet Transmit Tool",
				"Ham Backdoor",
				"HiddenFace",
				"Impacket",
				"Invoke the Hash",
				"KABOB",
				"Kaba",
				"Korplug",
				"LODEINFO",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"MiS-Type",
				"Mimikatz",
				"Moudour",
				"Mydoor",
				"NBTscan",
				"NOOPDOOR",
				"Newsripper",
				"P8RAT",
				"PCRat",
				"PlugX",
				"Poison Ivy",
				"Poldat",
				"PowerSploit",
				"PowerView",
				"PsExec",
				"PsList",
				"Quarks PwDump",
				"Quasar RAT",
				"QuasarRAT",
				"RedDelta",
				"RedLeaves",
				"Rubeus",
				"SNUGRIDE",
				"SPIVY",
				"SharpSploit",
				"SigLoader",
				"SinoChopper",
				"SodaMaster",
				"Sogu",
				"TIGERPLUG",
				"TVT",
				"Thoper",
				"Trochilus RAT",
				"UpperCut",
				"Vidgrab",
				"WinRAR",
				"WmiExec",
				"Wmonder",
				"Xamtrav",
				"Yggdrasil",
				"Zlib",
				"certutil",
				"certutil.exe",
				"cobeacon",
				"dfls",
				"lena",
				"nbtscan",
				"pivy",
				"poisonivy",
				"pwdump"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434578,
	"ts_updated_at": 1775791959,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f7b809d4dd2785a948b01aa5ffa03b2c5996d225.pdf",
		"text": "https://archive.orkl.eu/f7b809d4dd2785a948b01aa5ffa03b2c5996d225.txt",
		"img": "https://archive.orkl.eu/f7b809d4dd2785a948b01aa5ffa03b2c5996d225.jpg"
	}
}