The Council decided to impose restrictive measures on nine Russian individuals and four entities forming part of Russia’s cyber ecosystem,responsible for and involved in carrying out, enabling and facilitating cyber-attacks against the EU, its member states and international partners.
Cyber attacks
The Council is sanctioning the Bullet Proof Hosting service provider Media Land LLC and his owner Alexander Volosovik. Media Land LLC has been facilitating a wide array of malware attacks against both EU member states and globally, leading to significant financial losses. It enabled cyber criminals to engage in malicious cyber activities, including large-scale ransomware and phishing operations that targeted critical infrastructure and essential services among EU member states. In addition, the Council is listing ML.Cloud, the sister company of Media Land LLC.
The Council is also imposing restrictive measures on Z-Pentest, a pro-Russia hacktivist group globally targeting critical infrastructure -especially the energy and water sectors. For example, Z-Pentest conducted a cyber-attack against a Danish water utility in December 2024. The group’s leader, Yuliya Vladimirovna Pankratova and a primary hacker, Denis Olegovich Degtyarenko, both part of the Russian hacktivist group CARR (Cyber Army of Russia Reborn) are also sanctioned. Since 2022, CARR has conducted sustained campaigns of DDoS attacks in countries that have supported Ukraine. CARR is notably responsible for cyber-attacks against government agencies, financial institutions, media outlets, and critical infrastructure in EU member states, in Ukraine and other third countries, and is linked to the Russian Military Intelligence Agency GRU.
LLC ‘Impuls’ and its owner Evgeniy Viktorovich Bashev, a member of Russian Military Intelligence Agency GRU Unit 29155, are also sanctioned for providing technical and material support to cyber-attacks and attempted cyber-attacks conducted by GRU Unit 29155 against the EU and its member states.
Read also
Lastly, today’s listings include individuals, Maksim Evgeniyevich Voronin, Maksim Alexsandrovich Gordienko and Vitaly Nikolayevich Kovalev. The first two are involved in the development, distribution and selling of the information stealing malware LummaC2 while the last took part in the development of the malware programmes ‘Trickbot’ and ‘Conti’. These sanctions are taken in close coordination with the United Kingdom. This marks the first time that the EU and the UK have adopted sanctions simultaneously under their respective cyber sanctions’ regimes, underscoring their shared commitment to tackling Russian malicious cyber activities through coordinated action.
Destabilising activities
The Council is also imposing restrictive measures on Ivan Kasyanenko. He is the deputy commander of the Special Operations Service (SSD) of the GRU, who has been identified as a principal organiser and supervisor of Unit 29155 activities connected to Afghanistan, including alleged efforts to provide financial incentives for attacks targeting US and coalition personnel. He also coordinated operations linked to the 2018 Novichok poisonings of Sergei Skripal and his daughter. In addition, he has been linked to the coordination of covert Russian activities in Europe, the management and integration of Wagner Group networks in Africa in 2023, and military-technical cooperation initiatives involving Iran. Unit 29155 is also responsible for conducting cyber-attacks against other EU member states and partners, notably Ukraine.
Those listed are subject to an asset freeze, and EU citizens and companies are forbidden from making funds or economic resources available to them. Natural persons also face a travel ban that prohibits them from entering or transiting through EU territories.
The relevant legal acts have been published in the Official Journal of the EU.
Background
The Framework for a Joint EU Diplomatic Response to Malicious Cyber Activities (the ‘cyber diplomacy toolbox’) was established in June 2017. It allows the EU and its member states to use all CFSP measures, including restrictive measures if necessary, to prevent, discourage, deter and respond to malicious cyber activities targeting the integrity and security of the EU and its member states.
In May 2019, the Council established a framework of sanctions allowing the EU to impose targeted restrictive measures to deter and respond to cyber-attacks which constitute an external threat to the EU or its member states.
The framework for restrictive measures in response to Russia’s destabilising actions was set up on 8 October 2024 to target those engaged in actions and policies by the government of the Russian Federation, which undermine the fundamental values of the EU and its member states, their security, stability, independence and integrity. The sanctions regime targets also those responsible for Russia’s hybrid activities against third countries and international organisations.
- Council Decision (CFSP) 2026/1713 of 13 July 2026 amending Decision (CFSP) 2019/797 concerning restrictive measures against cyber-attacks threatening the Union or its Member States
- Council Implementing Regulation (EU) 2026/1714 of 13 July 2026 implementing Regulation (EU) 2019/796 concerning restrictive measures against cyber-attacks threatening the Union or its Member States
- Council Decision (CFSP) 2026/1707 of 13 July 2026 amending Decision (CFSP) 2024/2643 concerning restrictive measures in view of Russia’s destabilising activities
- Council Implementing Regulation (EU) 2026/1710 of 13 July 2026 implementing Regulation (EU) 2024/2642 concerning restrictive measures in view of Russia’s destabilising activities
- Council Decision (CFSP) 2026/588 of 16 March 2026 amending Decision (CFSP) 2019/797 concerning restrictive measures against cyber-attacks threatening the Union or its Member States (consolidated text dated 13 May 2026)
- Council Decision (CFSP) 2024/2643 of 8 October 2024 concerning restrictive measures in view of Russia’s destabilising activities (consolidated text dated 15 June 2026)
- Cyber threats in the EU: facts and figures (background information)
- Russia’s hybrid activities: EU sanctions (background information)

















































