On 13 July 2026, the Council of the European Union imposed restrictive measures on nine Russian individuals and four entities for their roles in cyber-attacks and destabilising activities targeting the EU, its member states, and international partners. The sanctions include asset freezes and travel bans, and mark the first time the EU and the United Kingdom have adopted sanctions simultaneously under their respective cyber sanctions regimes.

The listings target entities and individuals involved in a range of malicious cyber activities. Media Land LLC, a Bullet Proof Hosting service provider, and its owner Alexander Volosovik were sanctioned for facilitating malware attacks, including large-scale ransomware and phishing operations against critical infrastructure in EU member states. Its sister company, ML.Cloud, was also listed. The pro-Russia hacktivist group Z-Pentest, which targeted critical infrastructure globally—particularly energy and water sectors—and conducted a cyber-attack against a Danish water utility in December 2024, was sanctioned along with its leader Yuliya Vladimirovna Pankratova and hacker Denis Olegovich Degtyarenko, both members of the Cyber Army of Russia Reborn (CARR). CARR has conducted sustained DDoS attacks since 2022 against countries supporting Ukraine, targeting government agencies, financial institutions, media, and critical infrastructure. LLC 'Impuls' and its owner Evgeniy Viktorovich Bashev, a member of GRU Unit 29155, were sanctioned for providing technical support to cyber-attacks by that unit. Individuals Maksim Evgeniyevich Voronin and Maksim Alexsandrovich Gordienko were listed for developing and distributing the LummaC2 information-stealing malware, while Vitaly Nikolayevich Kovalev was listed for developing the Trickbot and Conti malware programmes.

Under the framework for restrictive measures in response to Russia’s destabilising actions, established on 8 October 2024, the Council also sanctioned Ivan Kasyanenko, deputy commander of the GRU's Special Operations Service (SSD). He was identified as a principal organiser of Unit 29155 activities, including alleged efforts to provide financial incentives for attacks on US and coalition personnel in Afghanistan, coordination of the 2018 Novichok poisonings of Sergei Skripal and his daughter, covert Russian activities in Europe, management of Wagner Group networks in Africa in 2023, and military-technical cooperation with Iran. Unit 29155 also conducted cyber-attacks against EU member states and partners, notably Ukraine.

The sanctions build on the EU's cyber diplomacy toolbox, established in June 2017, and the cyber sanctions framework set up in May 2019. The relevant legal acts were published in the Official Journal of the EU on 13 July 2026.

← Atlas › News › Foreign affairs