By Maya Lester QC & Michael O’Kane

Sanctions Profile: Cyber-Attacks

At a glance

The EU adopted Council Regulation (EU) 2019/796 and Council Decision (CFSP) 2019/797 in May 2019 to establish a new sanctions regime to deter and respond to malicious cyber activities on EU member states, third states and international organisations.

The UK adopted The Cyber (Sanctions) (EU Exit) Regulations 2020 in January 2021 to further the prevention of cyber activity that undermines the integrity, prosperity or security of the UK, causes economic loss, undermines the effective functioning of international organisations or NGOs, or affects a significant number of persons in an indiscriminate manner.

Subscribe for full access

News

US lists IRGC-affiliated group over cyber-attacks

OFAC has designated 10 people and 2 entities affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC) for their alleged involvement in malicious cyber-attacks. The group is said to exploit software vulnerabilities to carry out their ransomware activities and has targeted US and Middle Eastern defence, diplomatic and government personnel. OFAC Press Release & Notice, State Department Press Release. Those listed …

Cyber-AttacksCyber-Attacks IranIran

OFAC amends & reissues Cyber-Related Sanctions Regulations

OFAC has amended and reissued in their entirety the Cyber-Related Sanctions Regulations. Final Rule & Notice. The amendments include the implementation of: Executive Order (E.O.) 13694, as amended by E.O. 13757; section 224(a)(1) of Countering America’s Adversaries Through Sanctions Act (CAATSA) and exceptions listed in section 236 of CAATSA; 3 General Licences; and additional interpretive and definitional guidance. OFAC has …

Cyber-AttacksCyber-Attacks

US sanctions Iranian Ministry of Intelligence & Minister

In response to the July 2022 cyber-attack against the Albanian government, Iran’s Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence Esmail Khatib were designated by OFAC on Friday (9 September 2022) pursuant to Executive Order (E.O.) 13694 (cyber sanctions), as amended. The Government of Iran and MOIS are said to have sponsored cyber threat actors that disrupted …

IranIran Cyber-AttacksCyber-Attacks

Netherlands arrests suspected Tornado Cash developer

The Dutch Fiscal Information and Investigation Service (FIOD) announced on Friday (12 August 2022) that it had arrested a suspected developer of Tornado Cash, a virtual currency mixer which was designated by OFAC on 8 August 2022 (previous post). The 29-year-old man is suspected of concealing criminal financial flows and facilitating money laundering through the mixer. The FIOD said it …

Cyber-AttacksCyber-Attacks

OFAC designates virtual currency mixer Tornado Cash

OFAC has designated virtual currency mixer Tornado Cash pursuant to Executive Order (E.O.) 13694, as amended. Tornado Cash, which operates on the Ethereum blockchain, is said to have been used to launder over $7 billion worth of virtual currency since its creation in 2019, including over $455 million stolen by the Lazarus Group, $96 million derived from the 24 June …

Cyber-AttacksCyber-Attacks

Current Sanctions

EU UK

Consolidated

Council Regulation (EU) 2019/796

Parent Regulation

Council Regulation (EU) 2019/796

Amended by:

Council Implementing Regulation (EU) 2020/1124

Council Implementing Regulation (EU) 2020/1536

Consolidated

Council Decision (CFSP) 2019/797

Parent Regulation

Council Decision (CFSP) 2019/797

Amended by:

Council Decision (CFSP) 2020/651

Council Decision (CFSP) 2020/1127

Council Decision (CFSP) 2020/1537

Council Decision (CFSP) 2021/796

The Cyber (Sanctions) (EU Exit) Regulations 2020 (SI 2020/597)

Share this page on: