Real-time sanctions intelligence for compliance professionals, policy analysts, and legal teams

EUEUROPEAN UNIONAI-GeneratedVerified by experts

EU sanctions 8 people, 4 entities over cyberattacks targeting member states

The European Union imposed cyber sanctions on eight individuals and four entities, including figures tied to TrickBot, Conti, GRU Unit 29155 and pro-Russia hacktivist networks, in a broadening crackdown on threats to member states.

2 min read

BRUSSELS, July 13, 2026 — The European Union on Monday imposed sanctions on eight individuals and four entities under its cyber sanctions regime, targeting actors it said were responsible for or involved in cyberattacks with significant effect against the bloc and its member states. The measures were adopted through Council Implementing Regulation (EU) 2026/1714 and took effect upon publication in the Official Journal.

The listings span ransomware, malware, hosting infrastructure and Russian state-linked cyber operations. Those named include Vitaly Nikolayevich Kovalev, described as a senior figure in the TrickBot and Conti malware programs; Alexander Alexandrovich Volosovik, owner of Media Land LLC; Denis Olegovich Degtyarenko and Yuliya Vladimirovna Pankratova, identified as hackers linked to Cyber Army of Russia Reborn, or CARR; Maksim Evgenevich Voronin and Maksim Aleksandrovich Gordienko, accused of developing and distributing LummaC2; and Evgeniy Viktorovich Bashev and Roman Alexandrovich Puntus, both tied to GRU Unit 29155.

The four entities added were Media Land LLC, ML.Cloud, Impuls LLC and Z-Pentest. The EU said Media Land LLC and ML.Cloud provided infrastructure for large-scale ransomware, command-and-control and phishing operations, including activity linked to LockBit, EvilCorp and BlackBasta. It said Impuls LLC provided operational cover, infrastructure and payments supporting cyber operations by GRU Unit 29155, while Z-Pentest was described as a pro-Russia hacktivist group that has targeted critical infrastructure, especially in the energy and water sectors.

The regulation also highlights specific operational links. It said CARR has targeted government agencies, financial institutions, media outlets and critical infrastructure in member states and the United States, while Z-Pentest was notably linked to an attack on a Danish water utility in December 2024. The EU said Unit 29155-linked operations targeted essential services in member states, notably in transport, and also struck Ukrainian critical infrastructure through the WhisperGate campaign.

The move marks one of the bloc’s broader cyber sanctions updates in recent years, combining action against criminal ransomware ecosystems, bulletproof hosting providers, pro-Russia hacktivist groups and Russian military intelligence-linked operators in a single package.

Regulatory Actions

Structured data extracted from official sources and validated by sanctions experts

Sources

Related Coverage