EU Targets Hackers Linked to Major Global Cyber Operations

Sanctions extended and individuals added for major cyber threat activity

EU High Representative for Foreign Affairs and Security Policy Kaja Kallas has issued a statement on behalf of the European Union regarding the alignment of third countries with restrictive measures targeting cyberattacks that threaten the EU or its member states.

According to the statement, on 11 May 2026 the Council of the European Union adopted Decision (CFSP) 2026/10791 concerning restrictive measures against cyberattacks threatening the European Union or its member states.

More individuals sanctioned

The Council determined that existing restrictive measures should be extended until 18 May 2027, alongside updates to the justification for the listing of four individuals and one legal entity on the sanctions list.

As part of the measures, a Tianjin-based company in China, Huaying Haitai, was identified for providing financial, technical or material support and facilitating the “Operation Cloud Hopper” campaign. The campaign comprises a series of cyberattacks with significant impact attributed to non-EU actors and considered an external threat to the European Union, its member states, and third countries.

Among the listed individuals is Chinese national Gao Qiang, linked to the advanced persistent threat group APT10, also known as Red Apollo, CVNX, Stone Panda, MenuPass and Potassium. He is said to have been involved in Operation Cloud Hopper.

The second listed individual is Zhang Shilong, also a Chinese national associated with APT10 and linked to the same cyber operations.

Threat to EU member states

The Council also lists Russian national Mikhail Mikhailovich Charev, who is said to have participated in cyberattacks with significant impact constituting an external threat to EU member states.

He is also known by aliases including “Mango”, “Alexander Grachev”, “Super Misha”, “Ivanov Mikhail”, “Misha Krutisa” and “Nikita Andreyevich Charev”. He is described as a key actor in the development of malicious software such as “Conti” and “TrickBot”, and is linked to the threat group “Wizard Spider”, which operates from Russia.

The statement notes that the “Wizard Spider” group continues to evolve its operations and intensify malicious cyber activity.

The fourth listed individual, Maksim Galotskin, is also involved in cyberattacks with significant impact that constitute an external threat to the European Union or its member states.

According to the statement, Albania, Bosnia and Herzegovina, Iceland, Moldova, Montenegro, North Macedonia, Norway and Ukraine have aligned themselves with the Council decision and committed to ensuring their national policies are consistent with the restrictive measures.

The European Union welcomed the commitment of these countries and took note of their alignment with the decision.