Security news that informs and inspires

European Council Sanctions Individuals Tied to Conti, Trickbot

By

The European Council has sanctioned six individuals, who are allegedly involved in cyberattacks that have impacted critical infrastructure in EU member states and Ukraine, including two linked to Conti and Trickbot attacks.

For impacted individuals, the sanctions by the European Council, a council that helps to shape the direction and priorities of the European Union, will mean asset freezes and travel bans, and all EU people and entities are barred from making funds or economic resources available to them. Four of the six individuals already face charges in the U.S., but the European Council’s sanctions put further pressure on them.

“For the first time, restrictive measures are being taken against cybercriminal actors that use ransomware campaigns against essential services, such as health and banking,” according to the EU on Monday. “With these new listings, the EU and its member states reaffirm their willingness to step up efforts to provide a stronger and more sustained response to persistent malicious cyber activities targeting the EU, its member states and partners. This is in line with joint efforts with our international partners, such as the UK and the US, to disrupt and respond to cyber crime.”

Those sanctioned include Ruslan Peretyatko and Andrey Korinets, who are allegedly part of the Callisto group, a group made up of Russian military intelligence officers that have launched phishing campaigns against several EU countries in order to steal sensitive data in “critical state functions” like the defense sector. The officers were previously charged by the U.S. in December 2023, after targeting current and former employees of the U.S. Intelligence Community, Department of Defense, Department of State, defense contractors, and Department of Energy facilities between 2016 and 2022.

The EU also sanctioned Mikhail Tsarev and Maksim Galochkin, who are allegedly “key players” in the deployment of the Conti and Trickbot malware families. Tsarev and Galochkin are part of the Wizard Spider threat group, which is behind several high-profile ransomware attacks against the health and banking sector. They were previously charged in September 2023 by the U.S. Department of Justice, which had alleged that Galochkin acted as a “crypter” for Conti and modified the ransomware to help it slip past anti-virus detections, while Tsarev was a manager of other Conti conspirators.

Two other individuals - Oleksandr Sklianko and Mykola Chernykh - were also listed as part of the European Council’s Monday sanctions. These two are part of the Armageddon threat group, which is supported by the Russian Federal Security Service (FSB) and has carried out various cyberattacks on EU and Ukraine governments via phishing and malware campaigns. The Ukraine government previously identified these two Armageddon members in 2021, and on Monday the European Council said that Chernykh is a former employee of the Security Service of Ukraine, and therefore is charged in Ukraine with treason and unauthorized interference in the operation of electronic computing machines and automated systems.

The sanctions come as part of the European Council's Framework for a Joint EU Diplomatic Response to Malicious Cyber Activities, which was first set up for the EU and its member states in 2019. They also come as countries in the EU, U.S. and others globally strategize about how to best approach the problem of individuals behind cyberattacks that reside in safe harbor locations like Russia - whether through sanctions, indictments or takedown efforts. A key piece of law enforcement operations against individuals behind cyberattacks has been increased collaboration between different countries, both in sharing critical information and teaming up on carrying out crackdowns on infrastructure.

“On the 21st of May, 2024 the Council approved conclusions on the future of cybersecurity aiming to provide guidance and setting the principles towards building a more cyber secure and more resilient EU,” according to the European Council. “The EU will continue to strengthen its cooperation in particular with Ukraine to advance international security and stability in cyberspace, increase global resilience and to raise awareness on cyber threats and malicious cyber activities.”