• Cyber Syrup
  • Posts
  • UK Imposes Sanctions on Russian GRU Units Over Cyberattacks and Assassination Plots

UK Imposes Sanctions on Russian GRU Units Over Cyberattacks and Assassination Plots

The United Kingdom has announced a new round of sanctions targeting Russian military intelligence units and individuals responsible for cyberattacks, disinformation campaigns, and assassination attempts

July 22, 2025

In partnership with

CYBER SYRUP
Delivering the sweetest insights on cybersecurity.

Find out why 1M+ professionals read Superhuman AI daily.

In 2 years you will be working for AI

Or an AI will be working for you

Here's how you can future-proof yourself:

  1. Join the Superhuman AI newsletter – read by 1M+ people at top companies

  2. Master AI tools, tutorials, and news in just 3 minutes a day

  3. Become 10X more productive using AI

Join 1,000,000+ pros at companies like Google, Meta, and Amazon that are using AI to get ahead.

UK Imposes Sanctions on Russian GRU Units Over Cyberattacks and Assassination Plots

The United Kingdom has announced a new round of sanctions targeting Russian military intelligence units and individuals responsible for cyberattacks, disinformation campaigns, and assassination attempts. The move highlights the growing concern over state-sponsored cyber aggression and international security threats.

Targeted GRU Units and Their Activities

The UK sanctions specifically target three units of the Russian General Staff Main Intelligence Directorate (GRU):

  • Unit 29155 (aka Cadet Blizzard, Frozenvista, DEV-0586, UNC2589)

  • Unit 26165 (aka APT28, Fancy Bear, Forest Blizzard)

  • Unit 74455 (aka APT44, Sandworm, Iridium)

These groups have been linked to destructive cyber operations and military sabotage in Ukraine and across NATO and EU member states.

Unit 29155: Destructive Attacks and Assassination Attempts

Unit 29155 has been tied to:

  • The WhisperGate wiper malware used against Ukraine in early 2022.

  • The 2014 explosion at an ammunition depot in Czechia.

  • The 2018 attempted assassination of Sergei and Yulia Skripal in Salisbury, UK.

  • Cyberattacks against the Estonian government in 2020.

This group has reportedly been conducting offensive cyber operations since at least 2020.

Unit 26165: Political Disruption and Surveillance

Unit 26165 (APT28) is known for:

  • Hacking TV5 Monde, the German Bundestag, and the US Democratic Party.

  • Interference in French elections and Olympic Games planning.

  • Surveillance of Ukrainian bomb shelters before Russia’s bombing of the Mariupol Theatre.

  • Malware development (X-Agent) and close-access operations against organizations tracking chemical weapons.

Prominent members named include Sergey Morgachev, Aleksey Lukashev, and Ivan Yermakov, among others.

Unit 74455: Infrastructure and Disinformation Attacks

Unit 74455 (Sandworm/APT44) has targeted:

  • Critical infrastructure and industrial control systems (ICS).

  • Ukrainian government, military, and telecom sectors.

  • Collaboration with APT28 in joint campaigns.

This group was behind major operations such as the BlackEnergy and Industroyer attacks, as well as the disruption of Kyivstar, a major Ukrainian mobile operator.

Additional Sanctions: Disinformation and Malware Development

The UK also sanctioned members involved in the African Initiative, a Russian state-backed influence operation. Those sanctioned include Victor Lukovenko, Artyom Kureyev, and Anna Zamareyeva for distributing pro-Russian propaganda and organizing media visits to occupied territories.

Additionally, the UK’s National Cyber Security Centre (NCSC) attributed a new malware family named Authentic Antics to APT28. This tool is designed for persistent access to Microsoft cloud accounts, stealing user credentials through fake login prompts and exfiltrating sensitive data.