By Maya Lester KC & Michael O’Kane

Sanctions Profile: Cyber-Attacks

At a glance

The EU adopted Council Regulation (EU) 2019/796 and Council Decision (CFSP) 2019/797 in May 2019 to establish a new sanctions regime to deter and respond to malicious cyber activities on EU member states, third states and international organisations.

The UK adopted The Cyber (Sanctions) (EU Exit) Regulations 2020 in January 2021 to further the prevention of cyber activity that undermines the integrity, prosperity or security of the UK, causes economic loss, undermines the effective functioning of international organisations or NGOs, or affects a significant number of persons in an indiscriminate manner.

Subscribe for full access


OFAC makes designations under cyber, Lebanon, Global Magnitsky & North Korea sanctions & de-lists 23

In the past week, OFAC has made additions to its cyber, Lebanon, Global Magnitsky and North Korea sanctions regimes. Cyber One of the world’s largest illicit marketplaces, Genesis Market, was designated by OFAC today for its part in the theft and sale of device credentials and related sensitive information. Genesis is believed to be based in Russia and has a …

Cyber-AttacksCyber-Attacks LebanonLebanon CorruptionCorruption North KoreaNorth Korea VenezuelaVenezuela

UK & US impose cyber sanctions & OFSI issues new guidance

In coordinated actions, the UK and US have designated 7 people who are said to be part of the Russia-based cybercrime gang Trickbot. Trickbot is alleged to have conducted a variety of illegal cyber activities, including ransomware attacks against hospitals, and members of the group are said to be associated with the Russian Intelligence Services. Vitaliy Kovalev, Valery Sedletski, Valentin …


US lists IRGC-affiliated group over cyber-attacks

OFAC has designated 10 people and 2 entities affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC) for their alleged involvement in malicious cyber-attacks. The group is said to exploit software vulnerabilities to carry out their ransomware activities and has targeted US and Middle Eastern defence, diplomatic and government personnel. OFAC Press Release & Notice, State Department Press Release. Those listed …

Cyber-AttacksCyber-Attacks IranIran

OFAC amends & reissues Cyber-Related Sanctions Regulations

OFAC has amended and reissued in their entirety the Cyber-Related Sanctions Regulations. Final Rule & Notice. The amendments include the implementation of: Executive Order (E.O.) 13694, as amended by E.O. 13757; section 224(a)(1) of Countering America’s Adversaries Through Sanctions Act (CAATSA) and exceptions listed in section 236 of CAATSA; 3 General Licences; and additional interpretive and definitional guidance. OFAC has …


US sanctions Iranian Ministry of Intelligence & Minister

In response to the July 2022 cyber-attack against the Albanian government, Iran’s Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence Esmail Khatib were designated by OFAC on Friday (9 September 2022) pursuant to Executive Order (E.O.) 13694 (cyber sanctions), as amended. The Government of Iran and MOIS are said to have sponsored cyber threat actors that disrupted …

IranIran Cyber-AttacksCyber-Attacks

Current Sanctions



Council Regulation (EU) 2019/796

Parent Regulation

Council Regulation (EU) 2019/796

Amended by:

Council Implementing Regulation (EU) 2020/1124

Council Implementing Regulation (EU) 2020/1536


Council Decision (CFSP) 2019/797

Parent Regulation

Council Decision (CFSP) 2019/797

Amended by:

Council Decision (CFSP) 2020/651

Council Decision (CFSP) 2020/1127

Council Decision (CFSP) 2020/1537

Council Decision (CFSP) 2021/796

The Cyber (Sanctions) (EU Exit) Regulations 2020 (SI 2020/597)

Share this page on: