Skip to main content
Geopolitics & DefenseGovernment & Policy

Europe Targets Russia's Turla in Coordinated Cyber Sanctions

European officials gather at a podium in a government building to announce cyber sanctions against Russia.

“Cybercriminals, self-proclaimed hacktivists and private companies linked to Russia, including actors operating under its instructions, direction or control, have also carried out, enabled and facilitated a wide range of malicious activities,” European Union High Representative Kaja Kallas said Monday, announcing coordinated punitive measures aimed at a long-running Russian cyber-espionage apparatus.

EU targets FSB’s Center 16 and the cluster known as Turla

The European Union imposed sanctions against nine Russian individuals and four entities over what it described as a years-long campaign of cyberespionage tied to the group known variously as Turla, Secret Blizzard and Waterbug. The EU’s action singled out Center 16 of Russia’s Federal Security Service (FSB) for its control of the group and traced the campaign back to 2010 — beginning with operations in France and extending to Germany, Poland, Cyprus, the Netherlands, Austria, Slovakia, Romania and Finland.

The EU also explicitly blamed the FSB for last December’s attacks on Poland’s energy grid, which the statement said left half a million people without heat. While the EU did not publish the names of all targets of its designations, Kallas’s statement noted that the package also included officers of Russia’s Main Intelligence Directorate of the General Staff (GRU).

UK sanctions: named GRU leadership, Lumma Stealer actors, and coordinated action with the EU

The United Kingdom rolled out its own cyber sanctions in parallel, a list the UK described as the first it has issued in coordination with the EU. London’s measures were broader numerically — 24 individuals and entities — and included named GRU senior leadership figures Vyacheslav Stafeyev, Ivan Senin and Ivan Kasyanenko. The UK cited their alleged roles in hybrid cyberattacks involving cybercriminal networks and in the recruitment of hackers across Russian universities.

The UK also designated individuals behind Lumma Stealer, the malware that was the target of an international takedown last year. “These sanctions strike at the core of the cybercriminal networks propping up the Russian state’s aggression, and the UK and EU are sending a clear message that Russia cannot hide behind its use of these proxy groups,” Foreign Secretary Yvette Cooper said, framing the measures as a synchronized effort to disrupt the nexus between state intelligence services and criminal operators.

France and Germany to summon ambassadors; EU sanctions company behind Max app

At least two EU member states signaled diplomatic pushback: Germany and France said they would summon Russia’s ambassadors over the activities the sanctions address. Separately, the EU announced sanctions against the company behind the Russian messaging app Max, citing the app’s use of surveillance features to clamp down on dissent — a move the EU positioned alongside its counter-cyber measures.

Joint technical warning: 13 nations, including the United States, on router targeting

Alongside sanctions, 13 nations — a group that the EU’s announcement said included the United States — issued a warning about Russian government hackers targeting routers to carry out critical infrastructure attacks. The advisory underscored the transnational character of the response: sanctions and technical warnings were being used in tandem, from diplomatic summonses to operational cybersecurity alerts.

What this means for technologists, policymakers, and European governments

  • Technologists and security teams: Expect continued public advisories and pressure to prioritize router and network device hardening, given the explicit warning about router-targeting for critical infrastructure attacks.
  • Policymakers and regulators: The coordinated EU–UK sanctions — with named GRU leaders and an FSB center singled out — signal a willingness to pair legal and diplomatic measures with technical alerts when state-linked groups are alleged to be operating through criminal proxies.
  • European governments: The decision by Germany and France to summon Russia’s ambassadors, plus sanctions on the Max messaging company, indicates an approach that combines punitive designations, diplomatic pressure, and measures aimed at communications platforms used for surveillance and repression.

Russia routinely denies allegations of responsibility for malicious cyber activity, a point reiterated in the broader public dialogue this package of measures seeks to address. The coordinated sanctions and technical warnings leave open a central question: whether naming FSB Center 16, GRU leaders, and criminal actors such as those behind Lumma Stealer — alongside diplomatic and platform sanctions — will materially disrupt the networks the EU and UK describe, or simply shift their tactics and targets. For now, the response marks a clear escalation in the EU’s and UK’s public attribution and punitive playbook.

Original story