The European Union imposed sanctions on Monday targeting three officers from Unit 29155 of the Russian Main Intelligence Directorate for their involvement in cyberattacks against Estonia in 2020. The sanctioned individuals are identified as Nikolay Korchagin, Vitaly Shevchenko, and Yuriy Denisov, all of whom are affiliated with the GRU. These sanctions are in response to the unit’s hacking of Estonian government departments in 2020 and the subsequent theft of sensitive documents, including classified information.
Estonia publicly attributed the cyberattacks to Russia in September 2024, leading to the issuance of an arrest warrant by the Estonia State Prosecutor’s Office against the three GRU officers. Denisov, a colonel in the Russian military, along with Shevchenko and Korchagin, orchestrated the 2020 hacks targeting Estonian public offices with the intention of compromising the country’s national security and that of its allies, according to the European Council.
The sanctions imposed by the EU include asset freezes and travel restrictions against the individuals. Additionally, Denisov and Korchagin are also facing criminal charges in the United States for their alleged involvement in deploying the WhisperGate malware against Ukrainian organizations. The U.S. government has offered a reward of up to $10 million for information leading to the capture of each of the defendants.
Unit 29155 is known for its involvement in attempted coups, sabotage, and assassination plots, in addition to cyber activities. The unit gained notoriety for the poisoning of former GRU officer Sergei Skripal in 2018 and an attempted coup in Montenegro in 2016. In recent years, the unit has shifted its focus to malicious cyber activities, including espionage, hack and leak campaigns, and sabotage through remote system wiping.
To address the increasing threat posed by hybrid warfare, the EU expanded its cyber sanctions regime in October 2024. This move was part of a broader effort to combat malicious cyber activities targeting the trading bloc. In December 2024, the council imposed sanctions on 16 individuals and three organizations, including Unit 29155, as part of ongoing efforts to counter cyber threats from Russia.
Overall, the EU’s decision to target officers of Unit 29155 reflects a concerted effort to hold accountable those responsible for state-sponsored cyberattacks and malicious activities. By imposing sanctions and pursuing criminal charges, the EU aims to deter future cyber threats and protect the integrity of its member states’ digital infrastructure.