The European Union on Monday announced sanctions against three Russian nationals for launching cyberattacks against Estonia in 2020.
According to the EU, the three, Nikolay Alexandrovich Korchagin, Vitaly Shevchenko, and Yuriy Fedorovich Denisov, are officers of a military unit of the General Staff of the Armed Forces of the Russian Federation (GRU), namely 161st Specialist Training Center, also known as Unit 29155.
A September 2024 joint advisory from the US and its allies tied Unit 29155 to multiple aggressive cyber campaigns worldwide, such as destructive malware, sabotage, and cyberespionage operations, including the WhisperGate malware attack against Ukraine.
“Unit 29155 is responsible for attempted coups, sabotage and influence operations, and assassination attempts throughout Europe. Unit 29155 expanded their tradecraft to include offensive cyber operations from at least 2020,” CISA said in September.
Now, the EU blames the three members of Unit 29155 for cyber intrusions at several government ministries in Estonia, including Economic Affairs and Communications, Social Affairs, and Foreign Affairs.
The attacks, the EU says, involved “unauthorized access to classified information and sensitive data” and resulted in “the theft of thousands of confidential documents”, including secret business information, health records, and other critical data.
Furthermore, the Union says, Unit 29155 is also responsible for launching cyberattacks against other EU member states and partners, such as Ukraine.
In their roles within Unit 29155, Korchagin, Shevchenko, and Denisov, are involved in and responsible for hacking into the computer systems of various institutions in Estonia, to steal data that “independently or in combination, give an overview of the cyber security policy of Estonia, the cyber capabilities of the state, sensitive personal data, and other sensitive data, with the aim of using the data to threaten the security of Estonia”, the EU says.
The three are responsible for intelligence activities against Estonia, for illegally accessing computer systems, and their involvement in cyberattacks constitutes an external threat to an EU member state, the Union says.
Related: Russian Cyberspies Caught Spear-Phishing with QR Codes, WhatsApp Groups
Related: Montenegro Wrestles With Massive Cyberattack, Russia Blamed
Related: Months After Hack, US Poised to Announce Sanctions on Russia
