The European Union has imposed sanctions on three hackers linked to Russia’s military intelligence service, GRU, for their involvement in cyberattacks against Estonia’s government agencies in 2020. The sanctioned individuals—Nikolay Korchagin, Vitaly Shevchenko, and Yuriy Denisov—are accused of stealing thousands of sensitive documents after breaching several key Estonian ministries. The targeted ministries included Economic Affairs, Social Affairs, and Foreign Affairs, with the stolen documents containing classified business secrets, health records, and other critical information that compromised national security.
According to the EU Council, the cyberattacks granted the hackers unauthorized access to highly sensitive data, leading to significant breaches of Estonia’s governmental security infrastructure. The documents stolen in these attacks were vital to the functioning of the affected institutions. These activities highlight the ongoing cyber espionage efforts by Unit 29155, which has previously been linked to a range of destabilizing activities across Europe, including assassinations and bombings.
In addition to the sanctions, the EU also addressed Unit 29155’s broader malicious operations, including its attacks on other EU member states and allies. The group, known for its cyber sabotage and espionage activities, has orchestrated various cyberattacks against NATO members, countries in North America, Latin America, Central Asia, and most recently, organizations providing aid to Ukraine.
Since early 2022, Unit 29155 has targeted Ukrainian institutions with backdoors, data stealers, and phishing-based ransomware attacks.
The United States and its allies have also taken steps to hold these hackers accountable. The U.S. State Department has issued a reward of up to $10 million for information leading to the identification or location of key figures involved in these cyberattacks, including the sanctioned individuals. The attacks on Estonia and other nations are part of a larger trend of Russian cyber operations against global critical infrastructure, further escalating tensions in the geopolitical landscape.