EU Sanctions Six Russian Hackers Connected to Conti, Trickbot, and Other Malware

• Six hackers were added to the EU sanctions list for deploying malware against member states and Ukraine.
• The sanctioned people are involved in cyberattacks targeting critical infrastructures and classified information.
• The individuals are reportedly linked to known cybercriminal groups such as Callisto, Armageddon, and Wizard Spider.

Six persons linked to cyberattacks targeting systems connected to critical infrastructure and state functions, classified information, and government emergency response teams in EU member states were sanctioned by the Council of the European Union (EU). 

For the first time, the Council approved “additional restrictive measures” against threat actors who deploy malware against essential services, such as health and banking.

The new listings include Ruslan Peretyatko and Andrey Korinets, believed to be Russian military intelligence officers who are part of the advanced persistent threat (APT) tracked as Callisto, Star Blizzard, BlueCharlie, and ColdRiver. They used phishing campaigns to steal sensitive data in critical state functions such as defense and external relations from EU member states and third countries.

Oleksandr Sklianko and Mykola Chernykh of the Gamaredon and Armageddon hacker groups were also included on the list. The latter, which used phishing emails and malware campaigns against the governments of EU member states and Ukraine, is believed to be supported by Russia’s Federal Security Service (FSB).

Mikhail Tsarev and Maksim Galochkin were also sanctioned. They are considered to be involved in the Wizard Spider hacker group and possibly key players in deploying the Conti and Trickbot malware campaigns. 

Wizard Spider created and developed the Trickbot spyware program, which they used in ransomware campaigns aimed at EU essential services such as health and banking, causing significant economic damage.

The EU horizontal cyber sanctions regime currently applies to 14 individuals and four entities. These include asset freezes, travel bans, and the prohibition of EU persons and entities from providing them with funds.

Another hacker connected to Conti and also LockBit was arrested this month in Ukraine – a cryptor specialist from Kyiv who cooperated with Russian ransomware groups and helped them evade detection.