Annex I to Regulation (EU) 2019/796 is amended in accordance with the Annex to this Regulation.
資料由法律人 LawPlayer整理提供·EU law / curated by LawPlayer from EUR-Lex
Council Implementing Regulation (EU) 2026/1078 of 11 May 2026 implementing Regulation (EU) 2019/796 concerning restrictive measures against cyber-attacks threatening the Union or its Member States
This Regulation shall enter into force on the day following that of its publication in the Official Journal of the European Union .
Schedules & Appendices
ANNEX
Annex I to Regulation (EU) 2019/796 is amended as follows:
(1)
under the heading ‘A. Natural Persons’, entries 1, 2, 13 and 14 are replaced by the following corresponding entries:
Name
Identifying information
Reasons
Date of listing
‘1.
GAO Qiang
Date of birth: 4 October 1983
Place of birth: Shandong Province, China
Address: Room 1102, Guanfu Mansion, 46 Xinkai Road, Hedong District, Tianjin, China
Nationality: Chinese
Gender: male
Gao Qiang is linked to the “APT10” (“Advanced Persistent Threat 10”) umbrella (a.k.a. “Red Apollo”, “CVNX”, “Stone Panda”, “MenuPass” and “Potassium”), and has been involved in “Operation Cloud Hopper”, a series of cyber-attacks with a significant effect originating from outside the Union and constituting an external threat to the Union or its Member States and of cyber-attacks with a significant effect against third States.
“Operation Cloud Hopper” has targeted information systems of multinational companies in six continents, including companies located in the Union, and gained unauthorised access to commercially sensitive data, resulting in significant economic loss.
Gao Qiang is associated with APT10 command and control infrastructure. Moreover, Huaying Haitai, a company used by APT10, and designated for providing support to and facilitating “Operation Cloud Hopper”, employed Gao Qiang. He is also associated with Zhang Shilong, who is linked to APT10 and who has also been employed by Huaying Haitai.
30.7.2020
2.
ZHANG Shilong
Date of birth: 10 September 1981
Place of birth: China
Address: Hedong, Yuyang Road No 121, Tianjin, China
Nationality: Chinese
Gender: male
Zhang Shilong is linked to the “APT10” (“Advanced Persistent Threat 10”) umbrella (a.k.a. “Red Apollo”, “CVNX”, “Stone Panda”, “MenuPass” and “Potassium”), and has been involved in “Operation Cloud Hopper”, a series of cyber-attacks with a significant effect originating from outside the Union and constituting an external threat to the Union or its Member States and of cyber-attacks with a significant effect against third States.
“Operation Cloud Hopper” has targeted information systems of multinational companies in six continents, including companies located in the Union, and gained unauthorised access to commercially sensitive data, resulting in significant economic loss.
Zhang Shilong is associated with APT10, including through the malware he developed and tested in connection with the cyber-attacks carried out by APT10.
Moreover, Huaying Haitai, a company used by APT10, and designated for providing support to and facilitating “Operation Cloud Hopper”, employed Zhang Shilong.
He is associated with Gao Qiang, who is linked to APT10 and who has also been employed by Huaying Haitai.
30.7.2020
13.
Mikhail Mikhailovich TSAREV
Михаил Михайлович ЦАРЕВ
Date of birth: 20.4.1989
Place of birth: Serpukhov, Russian Federation
Nationality: Russian
Address: Serpukhov
Gender: male
Mikhail Mikhailovich Tsarev took part in cyberattacks with a significant effect, which constitute an external threat to EU Member States.
Mikhail Mikhailovich Tsarev, also known by the online monikers “Mango”, “Alexander Grachev”, “Super Misha”, “Ivanov Mixail”, “Misha Krutysha”, and “Nikita Andreevich Tsarev” is a key-player in the deployment of the “Conti” and “Trickbot” malware programs and is involved in the Russia-based threat group “Wizard Spider”. Wizard Spider continues to evolve and intensify its operations.
The Conti and Trickbot malware programs were created and developed by Wizard Spider. Wizard Spider has conducted ransomware campaigns in a variety of sectors, including essential services such as health and banking.
The group has infected computers worldwide and their malware has been developed into a highly modular malware suite. Campaigns by Wizard Spider, using malware such as Conti, “Ryuk” TrickBot or Black Basta, are responsible for substantial economic damage in the European Union.
Mikhail Mikhailovich Tsarev is therefore involved in cyberattacks with a significant effect, which constitute an external threat to the Union or its Member States.
24.6.2024
14.
Maksim Sergeevich GALOCHKIN
Максим Сергеевич ГАЛОЧКИН
Date of birth: 19.5.1982
Place of birth: Abakan, Russian Federation
Nationality: Russian
Gender: male
Maksim Galochkin took part in cyberattacks with a significant effect, which constitute an external threat to EU Member States.
Maksim Galochkin is also known by the online monikers “Benalen”, “Bentley”, “Volhvb”, “volhvb”, “manuel”, “Max17” and “Crypt”. Galochkin is a key player in the deployment of the “Conti” and “Trickbot” malware programs and is involved in the Russia-based threat group “Wizard Spider”. He has led a group of testers, with responsibilities for the development, supervision, and implementation of tests for the TrickBot malware program, created and deployed by Wizard Spider. Wizard Spider continues to evolve and intensify its operations.
Wizard Spider has conducted ransomware campaigns in a variety of sectors, including essential services such as health and banking. The group has infected computers worldwide and their malware has been developed into a highly modular malware suite. Campaigns by Wizard Spider, using malware such as Conti, “Ryuk” TrickBot or Black Basta, are responsible for substantial economic damage in the European Union.
Maksim Galochkin is therefore involved in cyberattacks with a significant effect, which constitute an external threat to the Union or its Member States.
24.6.2024’;
(2)
under the heading ‘B. Legal persons, entities and bodies’, entry 1 is replaced by the following:
Name
Identifying information
Reasons
Date of listing
‘1.
Tianjin Huaying Haitai Science and Technology Development Co. Ltd (Huaying Haitai)
a.k.a.: Haitai Technology Development Co. Ltd
Location: Tianjin, China
Huaying Haitai provided financial, technical or material support for and facilitated “Operation Cloud Hopper”, a series of cyber-attacks with a significant effect originating from outside the Union and constituting an external threat to the Union or its Member States and of cyber-attacks with a significant effect against third States.
“Operation Cloud Hopper” has targeted information systems of multinational companies in six continents, including companies located in the Union, and gained unauthorised access to commercially sensitive data, resulting in significant economic loss.
The actor publicly known as “APT10” (“Advanced Persistent Threat 10”) (a.k.a. “Red Apollo”, “CVNX”, “Stone Panda”, “MenuPass” and “Potassium”) carried out “Operation Cloud Hopper”.
Huaying Haitai can be linked to APT10. Moreover, Huaying Haitai employed Gao Qiang and Zhang Shilong, who are both designated in connection with “Operation Cloud Hopper”. Huaying Haitai is therefore also associated with Gao Qiang and Zhang Shilong.
30.7.2020’.
Cite this act
Council Implementing Regulation (EU) 2026/1078 of 11 May 2026 implementing Regulation (EU) 2019/796 concerning restrictive measures against cyber-attacks threatening the Union or its Member States (EUR-Lex). Retrieved via LawPlayer, https://lawplayer.com/eu/act/32026R1078
© European Union, https://eur-lex.europa.eu, 1998-2026. Reuse authorised under Commission Decision 2011/833/EU, provided the source is acknowledged.
本頁資料來源:EUR-Lex·整理提供:法律人 LawPlayer· lawplayer.com