Menu
Subscribe to Holyrood updates

Newsletter sign-up

Subscribe

Follow us

Scotland’s fortnightly political & current affairs magazine

Subscribe

Subscribe to Holyrood
by Ethan Claridge
13 July 2026
UK sanctions ‘destructive’ Russian cyber hackers targeting critical services

UK Foreign Secretary Yvette Cooper warned that the Russian state can't hide behind proxy groups | Alamy

UK sanctions ‘destructive’ Russian cyber hackers targeting critical services

The UK government, together with EU member states, has sanctioned 24 individuals involved in “destructive” cyber-attacks linked to Russian intelligence agencies. 

The sanctions include 10 individuals linked to a sophisticated cybercrime network that allowed hackers to collect sensitive information from compromised devices and multiple senior members of the GRU, Russia’s military intelligence agency. 

Foreign Secretary, Yvette Cooper, said:     

“These sanctions strike at the core of the cybercriminal networks propping up the Russian state’s aggression, and the UK and EU are sending a clear message that Russia cannot hide behind its use of these proxy groups. “ 

Additionally, the National Cyber Security Centre (NCSC), a part of GCHQ, published an advisory warning against the methods of Russian state hackers. 

The advisory, which has been signed by 18 government agencies from 12 countries, warns that a Russian Federal Security Service (FSB) group called “Centre 16” are opportunistically targeting critical national infrastructure through compromised routers on networks around the world.  

Critical national infrastructure is classed as assets that are essential to the running of the state. In the UK there are 13 designated sectors such as energy, water, transport, telecoms, and health which fall under this categorisation, whose loss or compromise would cause major disruption or threaten national security.  

Jonathon Ellison, NCSC Director of National Resilience, said:  

“The NCSC, alongside our international partners, have repeatedly exposed the advanced tools and coordinated campaigns of Russian cyber actors who persistently seek to exploit any vulnerability they encounter.  

“Today’s joint advisory provides decisive, actionable directions from the global security community that network defenders should implement to protect against Russian Intelligence operations and secure the UK’s critical infrastructure.” 

Speaking at the Royal United Services Institute’s (RUSI) Annual Security Lecture in June, Dr Richard Horne, chief executive of the NCSC, said that the NCSC dealt with more than 200 cyber incidents related to critical national infrastructure in the year to May 2026. Around 75 per cent of those are believed to be linked to hostile states, such as Russia, China and Iran, whose agencies are increasingly targeting the systems that underpin the UK’s essential services. 

As part of the sanctions package, the UK has also named Centre 16, alternatively known as Berserk Bear, Energetic Bear, Crouching Yeti, Dragonfly, Ghost Blizzard and Static Tundra as the perpetrators behind the thwarted December 2025 attack on Poland’s energy grid. If that attack had been successful, it could have caused 500,000 civilians to lose electricity.  

The NCSC signed the advisory alongside agencies from Australia, Canada, the Czech Republic, Denmark, Estonia, Finland, France, Italy, New Zealand, Poland, Sweden and the United States. 

Holyrood Newsletters

Holyrood provides comprehensive coverage of Scottish politics, offering award-winning reporting and analysis: Subscribe

Get award-winning journalism delivered straight to your inbox

Get award-winning journalism delivered straight to your inbox

Subscribe

Popular reads
Back to top