The European Union and the United Kingdom have imposed new sanctions on Russian officials and hacker groups for coordinated cyberattacks, following the exposure of a systematic cyber campaign orchestrated by Russia to destabilize and divide the European continent. The revelation of at least fifteen years of covert operations coincided with the “Coalition of the Willing” meeting in Paris in support of Ukraine, during which the EU and UK moved to enforce new restrictive measures.
EU and UK crack down on Russian cyber threat
At the center of the sanctions are senior figures from Russian military intelligence services, hacker groups, and private entities supporting the Kremlin’s operations. Reacting swiftly, Berlin and The Hague summoned Russian diplomatic representatives to formally register their objections, with Paris expected to follow suit shortly.
Meanwhile, NATO issued a statement underscoring the collective stance and solidarity of its member states in the face of Russia’s malicious actions targeting critical infrastructure, calling for an immediate end to such activities.
The measures imposed
The EU’s intervention: European sanctions target nine individuals and four legal entities. Countries that have suffered the consequences of these cyberattacks include France, Germany, Poland, the Netherlands, Austria, Slovakia, Romania, Finland, and Cyprus.
The UK’s decisions: London imposed sanctions on 24 individuals and entities. Among them are three senior GRU officers (Vyacheslav Stafeev, Ivan Senin, and Ivan Kasyanenko), individuals linked to the creation of the Lumma Stealer malware, as well as those responsible for the pro-Kremlin propaganda channel Rybar on Telegram.
Ties to organized crime: According to UK authorities, GRU Unit 29155 worked closely with the criminal organization IMPULS to recruit computer science graduates from Russian academic institutions, confirming the direct link between the Russian state and cybercrime.
Digital espionage in France
In France, the hacker group “Turla” has been conducting digital espionage since 2010 against government agencies, and since 2025 has extended its operations to target the country’s defense industry.
French losses: The French Ministry of Foreign Affairs revealed that Russian operatives breached email accounts at the Ministry of Defense in 2017 and infiltrated systems at the French embassy in Moscow in 2018. More recently, a high-tech research center working with the defense sector was also targeted.
Also in the crosshairs was the hacktivist group Cyber Army of Russia Reborn (CARR), which attempted to cause disruption during the 2024 Paris Olympics by threatening attacks on the Seine River’s water treatment infrastructure.
Sabotage, espionage, and the drone threat
Russian intelligence activities are spreading across Europe in various forms:
Germany & the Netherlands: Targeting of government structures in Germany and hacking of security cameras in the Netherlands to monitor military supply transport routes.
Poland: A failed cyberattack by the FSB’s 16th Center on the country’s power grid — an operation that could have cut off heating and electricity for half a million citizens in the depths of winter.
Hybrid warfare: Analysts note that following the invasion of Ukraine, Moscow has escalated hostile operations, deploying even drones as tools of aggression.
According to a study by the IISS and the Hanns Seidel Foundation, recent drone flights over sensitive locations in Central Europe and the Balkans were orchestrated by the Kremlin, using the so-called “shadow fleet” of oil tankers as floating launch platforms. This strategy exploits the fact that European air defenses are designed to counter large, conventional threats — not to detect small, low-cost unmanned aerial vehicles.