EU and UK Attribute Cyberattack on Poland to FSB, Strengthen Sanctions Against Russian Entities
A recent cyberattack targeting Poland’s critical infrastructure has been officially linked to Russia’s Federal Security Service (FSB). In response, the European Union (EU) and the United Kingdom have announced a coordinated package of cyber sanctions aimed at Russian-linked hackers and organizations. This development follows an attempted disruption of Poland’s energy sector last winter, which nearly resulted in a major blackout affecting approximately half a million people.
Attribution of Cyber Sabotage to FSB’s Center 16
Statements released by the EU and UK indicate that the FSB’s Center 16 was responsible for cyber sabotage against Poland’s heating and power infrastructure, as well as cyber intrusions targeting water treatment facilities. The agencies have accused Center 16 of conducting broader cyber operations against governments and critical infrastructure across Europe.
The EU has emphasized that Center 16, the signals intelligence arm of the FSB, has engaged in malicious cyber activities that have impacted multiple member states and international partners. These operations reportedly include infiltration of government networks, cyber espionage, and sabotage targeting critical infrastructure in countries such as France, Germany, Poland, Cyprus, the Netherlands, Austria, Slovakia, Romania, and Finland.
Implications of the Attack on Poland’s Energy Sector
The attempted cyberattack on Poland’s energy grid last winter was initially attributed by cybersecurity firms ESET and Dragos to Sandworm, a threat group linked to Russia’s military intelligence agency. However, Poland’s national cybersecurity agency, CERT Polska, later disputed this assessment, tracing the attack infrastructure back to a cluster associated with the FSB.
In May, Poland’s domestic intelligence service warned that cyber intrusions targeting the country’s water treatment facilities posed a direct risk to the continuity of water supply. This highlights the ongoing threats to critical infrastructure and the potential for significant disruptions.
Expansion of Cyber Sanctions by the EU and UK
In light of these developments, the EU has imposed restrictive measures on nine individuals and four entities linked to Russia’s cyber ecosystem. The sanctions specifically target intelligence officers, cybercriminals, self-proclaimed hacktivists, and private companies accused of facilitating malicious cyber operations.
The broader sanctions package announced by European partners targets over 30 individuals and organizations, including operators behind the Lumma Stealer malware, companies accused of recruiting hackers from Russian universities, and individuals associated with the pro-Kremlin Rybar military blog.
EU foreign policy chief Kaja Kallas stated that Russia continues to rely on intelligence agencies, cybercriminal groups, hacktivists, and private companies to conduct malicious cyber operations against Europe and its partners. She condemned the misuse of this cyber ecosystem, which has resulted in operational disruptions and financial losses.
France’s Response to FSB Activities
France has also announced additional sanctions and plans to summon the Russian ambassador over what it describes as persistent malicious cyber activities conducted for espionage purposes. A technical report from France’s Cyber Crisis Coordination Center identified 11 interception centers operated by Center 16 across Russia, including Unit 61240, which specifically targets France.
French authorities have alleged that this unit has been involved in various cyber operations, including targeting government ministry systems in 2014 and compromising the French Embassy network in Moscow in 2018. They also reported significant data theft from a research institute collaborating with the French defense industry in February 2025.
Ongoing Threats and Allied Advisory
In conjunction with the sanctions, the United States and intelligence agencies from a dozen allied countries have published a joint cybersecurity advisory. This advisory warns that Russian operators linked to Center 16 have been scanning internet-connected devices protected by weak or default credentials.
The United Kingdom has separately sanctioned individuals connected to Lumma Stealer, which is described as one of the world’s most widely used information-stealing malware families. British officials noted that credentials stolen through this malware have been utilized to support Russian espionage operations globally. The UK’s National Crime Agency reported that over 2,100 victims in the country were infected by Lumma Stealer in the past six months.
British Foreign Secretary Yvette Cooper emphasized that the sanctions aim to disrupt the cybercriminal ecosystem supporting Moscow’s intelligence services, sending a clear message against the use of proxy cyber groups.
The Kremlin has consistently denied conducting offensive cyber operations. Russian President Vladimir Putin has dismissed European allegations of sabotage and cyberattacks as baseless, asserting that they are intended to justify aggressive policies against Russia.
For further information, please refer to the original reporting source: thecyberexpress.com.
Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.


