Introduction
1. Council Regulation (EU) 2019/796 (“the Regulation”) concerning restrictive measures against cyber-attacks has been amended.
Notice summary (Full details are provided in the Annex to this Notice)
2. 9 designations have been made and are now subject to an asset freeze.
What you must do
3. You must:
check whether you maintain any accounts or hold any funds or economic resources for the persons set out in the Annex to this Notice.
freeze such accounts, and other funds or economic resources.
refrain from dealing with the funds or assets or making them available (directly or indirectly) to such persons unless licensed by the Minister for External Relations (“MER”).
report any findings to MER, together with any additional information that would facilitate compliance with the Regulation, in accordance with the Sanctions and Asset-Freezing (Jersey) Law 2019 (“SAFL”).
provide any information concerning the frozen assets of designated persons that MER may request. Information reported to MER may be passed on to other regulatory authorities or law enforcement.
4. Failure to comply with financial sanctions legislation or to seek to circumvent its provisions is a criminal offence.
Legislative details
5. The Regulation is implemented in Jersey by the EU Legislation (Sanctions – Cyber-attacks) (Jersey) Order 2019 (“the Cyber-Attacks Order”) and SAFL.
6. On 30 July 2020 Council Implementing Regulation (EU) 2020/1125 (“the Amending Regulation”) was published in the Official Journal of the European by the Council of the European Union.
7. The Amending Regulation amended Annex I to the Regulation with effect from 30 July 2020. Any changes to the Annex are effective immediately in Jersey by virtue of the ambulatory provisions of the Cyber-Attack Order.
8. In accordance with SAFL, this asset-freeze designation was effective immediately in Jersey.
Further Information
9. A copy of the Amending Regulation can be obtained from the website of the Official Journal of the European Union.
10. Copies of Jersey sanctions Orders and other legislation, including the Cyber-Attack Order and SAFL, can be found on the
Jersey Legal Information Board website.
11. Copies of recent Notices, certain EU Regulations, UNSC Resolutions and Jersey legislation can be obtained from the
Cyber attacks financial sanctions page on the Jersey Financial Services Commission (JFSC) website.
12. For more information please see the Jersey Financial Services Commission
guidance on financial sanctions
Enquiries
13. Non-media enquiries, reports and licence applications should be addressed to:
Head of International Compliance
Office of the Chief Executive
External Relations
sanctions@gov.je
ANNEX TO NOTICE
FINANCIAL SANCTIONS: CYBER-ATTACK
COUNCIL IMPLEMENTING REGULATION (EU) 2020/1125
AMENDING ANNEX I TO COUNCIL REGULATION (EU) 2019/96
ADDITIONS
Individuals
1. GAO, Qiang
Place of birth: Shandong Province, China.
Address: Room 1102, Guanfu Mansion, 46 Xinkai Road, Hedong District, Tianjin, China.
Nationality: Chinese.
Gender: male.
Reasons: Gao Qiang is involved in “Operation Cloud Hopper”, a series of cyber-attacks with a significant effect originating from outside the Union and constituting an external threat to the Union or its Member States and of cyber-attacks with a significant effect against third States. “Operation Cloud Hopper” targeted information systems of multinational companies in six continents, including companies located in the Union, and gained unauthorised access to commercially sensitive data, resulting in significant economic loss. The actor publicly known as “APT10” (“Advanced Persistent Threat 10”) (a.k.a. “Red Apollo”, “CVNX”, “Stone Panda”, “MenuPass” and “Potassium”) carried out “Operation Cloud Hopper”. Gao Qiang can be linked to APT10, including through his association with APT10 command and control infrastructure. Moreover, Huaying Haitai, an entity designated for providing support to and facilitating “Operation Cloud Hopper”, employed Gao Qiang. He has links with Zhang Shilong, who is also designated in connection with “Operation Cloud Hopper”. Gao Qiang is therefore associated with both Huaying Haitai and Zhang Shilong.
2. ZHANG, Shilong
Address: Hedong, Yuyang Road No 121, Tianjin, China.
Nationality: Chinese.
Gender: male.
Reasons: Zhang Shilong is involved in “Operation Cloud Hopper”, a series of cyber‐attacks with a significant effect originating from outside the Union and constituting an external threat to the Union or its Member States and of cyber‐attacks with a significant effect against third States.
“Operation Cloud Hopper” has targeted information systems of multinational companies in six continents, including companies located in the Union, and gained unauthorised access to commercially sensitive data, resulting in significant economic loss. The actor publicly known as “APT10” (“Advanced Persistent Threat 10”) (a.k.a. “Red Apollo”, “CVNX”, “Stone Panda”, “MenuPass” and “Potassium”) carried out “Operation Cloud Hopper”. Zhang Shilong can be linked to APT10, including through the malware he developed and tested in connection with the cyber-attacks carried out by APT10. Moreover, Huaying Haitai, an entity designated for providing support to and facilitating “Operation Cloud Hopper”, employed Zhang Shilong. He has links with Gao Qiang, who is also designated in connection with “Operation Cloud Hopper”. Zhang Shilong is therefore associated with both Huaying Haitai and Gao Qiang.
3. MININ, Alexey Valeryevich
Name (original script): Алексей Валерьевич МИНИН.
Date of birth: 27 May 1972.
Place of birth: Perm Oblast, Russian SFSR (now Russian Federation).
Passport number: 120017582. Issued by: Ministry of Foreign Affairs of the Russian Federation Validity: from 17 April 2017 until 17 April 2022.
Location: Moscow, Russian Federation.
Nationality: Russian.
Gender: male.
Reasons: Alexey Minin took part in an attempted cyber-attack with a potentially significant effect against the Organisation for the Prohibition of Chemical Weapons (OPCW) in the Netherlands. As a human intelligence support officer of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GU/GRU), Alexey Minin was part of a team of four Russian military intelligence officers who attempted to gain unauthorised access to the Wi-Fi network of the OPCW in The Hague, the Netherlands, in April 2018. The attempted cyber-attack was aimed at hacking into the Wi-Fi network of the OPCW, which, if successful, would have compromised the security of the network and the OPCW’s ongoing investigatory work. The Netherlands Defence Intelligence and Security Service (DISS) (Militaire Inlichtingen- en Veiligheidsdienst – MIVD) disrupted the attempted cyber-attack, thereby preventing serious damage to the OPCW.
4. MORENETS, Aleksei Sergeyvich
Name (original script): Алексей Сергеевич МОРЕНЕЦ.
Date of birth: 31 July 1977.
Place of birth: Murmanskaya Oblast, Russian SFSR (now Russian Federation).
Passport number: 100135556. Issued by: Ministry of Foreign Affairs of the Russian Federation Validity: from 17 April 2017 until 17 April 2022.
Location: Moscow, Russian Federation.
Nationality: Russian.
Gender: male.
Reasons: Aleksei Morenets took part in an attempted cyber-attack with a potentially significant effect against the Organisation for the Prohibition of Chemical Weapons (OPCW) in the Netherlands. As a cyber-operator for the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GU/GRU), Aleksei Morenets was part of a team of four Russian military intelligence officers who attempted to gain unauthorised access to the Wi-Fi network of the OPCW in The Hague, the Netherlands, in April 2018. The attempted cyber-attack was aimed at hacking into the Wi-Fi network of the OPCW, which, if successful, would have compromised the security of the network and the OPCW’s ongoing investigatory work. The Netherlands Defence Intelligence and Security Service (DISS) (Militaire Inlichtingen- en Veiligheidsdienst – MIVD) disrupted the attempted cyber-attack, thereby preventing serious damage to the OPCW.
5. SEREBRIAKOV, Evgenii Mikhaylovich
Name (original script): Евгений Михайлович СЕРЕБРЯКОВ.
Date of birth: 26 July 1981.
Place of birth: Kursk, Russian SFSR (now Russian Federation).
Passport number: 100135555. Issued by: Ministry of Foreign Affairs of the Russian Federation Validity: from 17 April 2017 until 17 April 2022.
Location: Moscow, Russian Federation.
Nationality: Russian. Gender: male.
Reasons: Evgenii Serebriakov took part in an attempted cyber-attack with a potentially significant effect against the Organisation for the Prohibition of Chemical Weapons (OPCW) in the Netherlands.
As a cyber-operator for the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GU/GRU), Evgenii Serebriakov was part of a team of four Russian military intelligence officers who attempted to gain unauthorised access to the Wi-Fi network of the OPCW in The Hague, the Netherlands, in April 2018. The attempted cyber-attack was aimed at hacking into the Wi-Fi network of the OPCW, which, if successful, would have compromised the security of the network and the OPCW’s ongoing investigatory work. The Netherlands Defence Intelligence and Security Service (DISS) (Militaire Inlichtingen- en Veiligheidsdienst – MIVD) disrupted the attempted cyber-attack, thereby preventing serious damage to the OPCW.
6. SOTNIKOV, Oleg Mikhaylovich
Name (original script): Олег Михайлович СОТНИКОВ. Date of birth: 24 August 1972.
Place of birth: Ulyanovsk, Russian SFSR (now Russian Federation).
Passport number: 120018866. Issued by: Ministry of Foreign Affairs of the Russian Federation Validity: from 17 April 2017 until 17 April 2022.
Location: Moscow, Russian Federation.
Nationality: Russian.
Gender: male.
Reasons: Oleg Sotnikov took part in an attempted cyber-attack with a potentially significant effect against the Organisation for the Prohibition of Chemical Weapons (OPCW), in the Netherlands. As a human intelligence support officer of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GU/GRU), Oleg Sotnikov was part of a team of four Russian military intelligence officers who attempted to gain unauthorised access to the Wi-Fi network of the OPCW in The Hague, the Netherlands, in April 2018. The attempted cyber-attack was aimed at hacking into the Wi-Fi network of the OPCW, which, if successful, would have compromised the security of the network and the OPCW’s ongoing investigatory work. The Netherlands Defence Intelligence and Security Service (DISS) (Militaire Inlichtingen- en Veiligheidsdienst – MIVD) disrupted the attempted cyber-attack, thereby preventing serious damage to the OPCW.
Entities
1. Tianjin Huaying Haitai Science and Technology Development Co. Ltd (Huaying Haitai)
a.k.a.: Haitai Technology Development Co. Ltd.
Location: Tianjin, China.
Reasons: Huaying Haitai provided financial, technical or material support for and facilitated “Operation Cloud Hopper”, a series of cyber-attacks with a significant effect originating from outside the Union and constituting an external threat to the Union or its Member States and of cyber-attacks with a significant effect against third States. “Operation Cloud Hopper” has targeted information systems of multinational companies in six continents, including companies located in the Union, and gained unauthorised access to commercially sensitive data, resulting in significant economic loss. The actor publicly known as “APT10” (“Advanced Persistent Threat 10”) (a.k.a. “Red Apollo”, “CVNX”, “Stone Panda”, “MenuPass” and “Potassium”) carried out “Operation Cloud Hopper”. Huaying Haitai can be linked to APT10. Moreover, Huaying Haitai employed Gao Qiang and Zhang Shilong, who are both designated in connection with “Operation Cloud Hopper”. Huaying Haitai is therefore associated with Gao Qiang and Zhang Shilong.
2. Chosun Expo
a.k.a.: Chosen Expo; Korea Export Joint Venture.
Location: DPRK.
Reasons: Chosun Expo provided financial, technical or material support for and facilitated a series of cyber-attacks with a significant effect originating from outside the Union and constituting an external threat to the Union or its Member States and of cyber-attacks with a significant effect against third States, including the cyber-attacks publicly known as “WannaCry” and cyber-attacks against the Polish Financial Supervision Authority and Sony Pictures Entertainment, as well as cyber-theft from the Bangladesh Bank and attempted cyber-theft from the Vietnam Tien Phong Bank. “WannaCry” disrupted information systems around the world by targeting information systems with ransomware and blocking access to data. It affected information systems of companies in the Union, including information systems relating to services necessary for the maintenance of essential services and economic activities within Member States. The actor publicly known as “APT38” (“Advanced Persistent Threat 38”) or the “Lazarus Group” carried out “WannaCry”. Chosun Expo can be linked to APT38 / the Lazarus Group, including through the accounts used for the cyber-attacks.
3. Main Centre for Special Technologies (GTsST) of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GU/GRU)
Address: 22 Kirova Street, Moscow, Russian Federation.
Reasons: The Main Centre for Special Technologies (GTsST) of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GU/GRU), also known by its field post number 74455, is responsible for cyber-attacks with a significant effect originating from outside the Union and constituting an external threat to the Union or its Member States and for cyber-attacks with a significant effect against third States, including the cyber-attacks publicly known as “NotPetya” or “EternalPetya” in June 2017 and the cyber-attacks directed at an Ukrainian power grid in the winter of 2015 and 2016. “NotPetya” or “EternalPetya” rendered data inaccessible in a number of companies in the Union, wider Europe and worldwide, by targeting computers with ransomware and blocking access to data, resulting amongst others in significant economic loss. The cyber-attack on a Ukrainian power grid resulted in parts of it being switched off during winter. The actor publicly known as “Sandworm” (a.k.a. “Sandworm Team”, “BlackEnergy Group”, “Voodoo Bear”, “Quedagh”, “Olympic Destroyer” and “Telebots”), which is also behind the attack on the Ukrainian power grid, carried out “NotPetya” or “EternalPetya”. The Main Centre for Special Technologies of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation has an active role in the cyber‐activities undertaken by Sandworm and can be linked to Sandworm.
Ministry of External Relations
31 July 2020
gov.je