
EU and NATO sanction Russia over cyberattacks targeting critical infrastructure in Poland and Europe
The European Union imposed sanctions on nine individuals and four entities linked to Russian cyber operations, with NATO and the UK issuing parallel condemnations on 13 July 2026. Poland's power grid and heating plants were among the targets.
The European Union and its member states formally condemned a sustained Russian cyber campaign targeting government networks, defence industries, and critical infrastructure across at least nine European countries. The coordinated diplomatic response, announced on Monday 13 July 2026 during a meeting of EU foreign ministers in Brussels, was accompanied by new sanctions on Russian intelligence officers, cybercriminals, and private companies.
Attribution to FSB Unit 16
EU foreign policy chief Kaja Kallas stated that Unit 16 of Russia's Federal Security Service (FSB) controls multiple cyber threat groups, including one of the most active, TURLA. The unit has been conducting cyber espionage against strategic government entities in France since 2010 and expanded to targeting its defence industry from 2025 onward.
The EU and its member states condemn Russia's malicious cyber activity and its exploitation of a cyber ecosystem encompassing state and non-state entities, from intelligence services to cybercriminal groups, hacktivists, and private companies.
In Germany, government bodies have been the primary targets. Most recently in Poland, Unit 16 carried out destructive sabotage operations against critical infrastructure, including combined heat and power plants. The UK Foreign Office noted that one attack on Poland's energy network "could have left 500,000 citizens without electricity in the middle of winter."
Targets across the continent
The list of affected countries named by Kallas includes France, Germany, Poland, Cyprus, the Netherlands, Austria, Slovakia, Romania, and Finland. The operations span infiltration of government networks, sabotage of critical infrastructure, and cyber espionage against defence contractors. The broader Russian cyber ecosystem (encompassing intelligence services, criminal groups, self-proclaimed hacktivists, and private firms operating under state direction) has conducted, enabled, and facilitated a wide spectrum of malicious actions aimed at destabilising decision-making structures in EU and NATO states.
We firmly condemn Russia's actions and its misuse of this cyber ecosystem, targeting public services and critical infrastructure, causing disruption and financial losses.
Sanctions regime
The EU placed nine individuals and four entities on its sanctions list, including officers of Russia's military intelligence service (GRU), cybercriminals, hackers, and private companies supporting Russia's destabilisation efforts. The UK simultaneously sanctioned 24 individuals and entities. The British Foreign Office described the Russian state and its criminal networks as "responsible for cyberattacks, election interference, and the spread of malicious anti-Ukrainian narratives across Europe." Poland's Ministry of Foreign Affairs noted this marks the first time sanctions on this scale cover not only natural persons but also other entities involved in hostile cyber operations.
- FSB Unit 16 conducts cyber espionage against strategic government entities in France
- Espionage expands to target French defence industry
- Government bodies in Germany remain primary targets of FSB cyber operations
- Destructive sabotage operations hit Polish critical infrastructure, including combined heat and power plants
- EU and UK announce coordinated sanctions; NATO Council issues formal condemnation
NATO and allied response
The North Atlantic Council, NATO's permanent political decision-making body, issued a statement expressing full solidarity with affected countries. It noted convergent positions from the United Kingdom and the European Union. The Council called on the Kremlin to immediately cease destabilising activities that flagrantly violate international norms of responsible state behaviour in cyberspace.
We firmly condemn Russia's ongoing malicious cyber activities, which exploit its cyber ecosystem to attack NATO allies and partners. These actions pose a threat to the Alliance's security.
Allies stressed their commitment to a free, open, and secure cyberspace but signalled they would not limit their response to diplomatic protests alone. Poland's foreign ministry separately called for an immediate halt to the cyberattacks.
- EU individuals
- 9 individuals/entities
- EU entities
- 4 individuals/entities
- UK individuals and entities
- 24 individuals/entities
Escalation pattern
The EU assessment is that FSB-led malicious cyber activities have been growing increasingly serious over several years. Military intelligence services are reportedly recruiting hackers and cybersecurity specialists from universities across Russia. The campaign combines espionage, sabotage, and influence operations designed to erode trust in democratic institutions and disrupt essential services in multiple EU member states simultaneously.

