EU, UK and France Sanction Russia Over Coordinated Hacking and Sabotage Campaign Across Europe
France summoned Russia's ambassador on Monday after European governments accused the FSB, Russia's main intelligence service, of running a campaign to spy on and disrupt critical infrastructure across more than a dozen countries.

Key points
- France, the EU and the UK all announced sanctions against Russia on 14 July 2026 over an alleged coordinated hacking and sabotage campaign.
- The EU sanctioned nine individuals and four entities, including officers of the GRU, Russia's military intelligence agency.
- The UK sanctioned 24 individuals and entities in total for what it called "cyber and hybrid operations".
- The FSB, Russia's primary intelligence and security service, allegedly directed the campaign against governments, companies and infrastructure operators in at least twelve European countries.
- A separate alleged FSB plot targeting Poland's energy grid, one month after a railway bombing in November 2025, could have cut electricity to 500,000 civilians, according to the UK government.
Russia's ambassador in Paris was summoned on Monday after France accused the FSB of orchestrating "a vast cyber campaign" across Europe. French Foreign Minister Jean-Noel Barrot announced the move in an interview, saying France would join the EU and UK in sanctioning the individuals and organisations behind the attacks.
The campaign, as described by European officials, was not a single intrusion. It was a sustained, multi-country effort to steal information and disrupt operations. Targets included government ministries, private companies and service operators across France, Germany, Poland, Cyprus, the Netherlands, Austria, Slovakia, Romania and Finland, among others.
The EU said the FSB controlled a network of hackers, criminal groups, self-described "hacktivists" (online activists who carry out attacks to make a political point) and private companies. Officials described this as a "malicious cyber ecosystem" used to break into government computer networks and damage critical infrastructure, meaning the power grids, railways and other systems that keep societies running.
How did these attacks cause real-world damage?
Some of the disruption went well beyond computers. Poland's railway network was the clearest example. In November 2025, two Ukrainian nationals allegedly working for Russian intelligence were accused of bombing a railway line. Poland's foreign minister called it "an act of state terror". A month later, a separate alleged FSB plot to attack Poland's electricity grid was disrupted before it could succeed. The UK government said it could have left 500,000 civilians without power.
In April 2026, Sweden said it had foiled a Russian cyberattack on a thermal power plant the previous year. The announcements from Poland, Sweden, Norway, Denmark and Latvia form a pattern: Russia probing and hitting the infrastructure ordinary people depend on.
The EU condemned what it called Russia's use of criminal proxies alongside state agents, a tactic that gives Moscow distance from the attacks while still directing the outcomes.
The announcements came as France hosted a "Coalition of the Willing" summit, a gathering of Ukraine's allies, in Paris. CBS News first reported the timing, and the Kremlin responded by calling the coalition "warmongers."
If you work in infrastructure, transport, energy or government IT, here is what this pattern demands:
Review who has access to your operational systems and remove accounts that are no longer needed. Treat unexpected contact from suppliers or contractors as a potential social-engineering attempt, where criminals pose as trusted contacts to gain access. Report unusual network activity to your national cybersecurity authority without waiting to be certain something is wrong.



