EU Sanctions Russian Intelligence Officers Over Years-Long Cyber Spying and Sabotage Campaign
Brussels has placed travel bans and asset freezes on individuals tied to a Russian-linked network accused of spying on European governments and attacking critical infrastructure.

Key points
- The European Union sanctioned multiple individuals and entities in 2024 over alleged links to a Russian cyber espionage network.
- The targets are accused of running a years-long campaign of digital spying against EU member-state governments.
- The EU also alleges the network carried out sabotage operations against critical infrastructure, meaning essential services such as power grids, water systems, and transport networks.
- Sanctions include asset freezes, which lock any money or property held in EU territory, and travel bans barring entry to EU countries.
The European Union has formally sanctioned a group of Russian intelligence officers and associated entities, holding them responsible for what Brussels describes as a sustained campaign of online spying and physical sabotage directed at European governments and key public services.
Sanctions are a legal tool that governments use to punish behaviour short of military action. In practical terms, the people named now cannot travel to any EU country, and any assets they hold inside the EU are frozen.
The EU's accusations go beyond spying on emails and documents. Officials claim the network also carried out sabotage against critical infrastructure, the term regulators use for systems that keep societies running, things like electricity supplies, water treatment, and railway networks. Disrupting those services can affect ordinary citizens directly.
Why does this matter to people outside government?
It matters because the alleged targets were not only government ministries. When sabotage operations hit critical infrastructure, the effects reach homes, hospitals, and businesses. A power outage caused by a cyberattack is just as disruptive as one caused by a storm, and far harder to explain to the public in real time.
The EU has been tightening its legal framework for exactly this kind of threat. Its NIS2 Directive, short for Network and Information Systems Directive 2, which came into force in January 2023 with member-state implementation required by October 2024, sets mandatory security standards for operators of essential services across the bloc. Sanctions like these sit alongside that regulatory push, signalling that Brussels intends to name and punish the people behind attacks, not just issue rules for defenders.
As reported by SecurityWeek, the move follows a broader pattern of Western governments using financial and travel penalties to publicly attribute cyberattacks to specific intelligence services, rather than leaving accusations vague.
For everyday citizens, the immediate practical step is straightforward: if you work for a public body, a utility company, or any organisation classed as essential infrastructure, your employer's cybersecurity posture is now a matter of EU law, not just good practice. Pay attention to security guidance from your IT team. Phishing emails, where criminals send fake messages to trick staff into handing over passwords or clicking harmful links, remain the most common way attackers get inside organisations of exactly the kind that were allegedly targeted here.



