The European Union (EU) council sanctioned three Russians who ran a covert cyber operation that targeted Estonia’s critical infrastructure. During the 2020 campaign, they stole thousands of confidential documents from multiple Estonian government agencies, including Economic Affairs and Communications, Social Affairs, and Foreign Affairs.

“These documents included business secrets, health records, and other critical information compromising the security of the affected institutions,” the official EU Council said in a press release.

An investigation revealed that three Russian military officers were behind the attack. It’s common for state-sponsored malware hacks to have military leaders backing them. In this case, Nikolay Korchagin, Vitaly Shevchenko, and Yuriy Denisov, all officers of the General Staff of the Armed Forces of the Russian Federation, unit 29155, are being accused of the attacks.

“Unit 29155 is also responsible for conducting cyber-attacks against other EU member states and partners, notably Ukraine,” the Council said. The group is also allegedly responsible for political assassinations and destabilization actions, including bombings, across Europe.

Some of the unit members are currently active in Ukraine, Africa, and Western Europe. The EU has previously placed sanctions on the whole unit.

With their names being added to the list, the EU has now sanctioned 17 individuals and four entities. These sanctions include travel bans and freezes while banning other EU individuals and entities from providing funds to anyone banned.

These names were added as a result of the EU adopting a new framework for responding to malicious cyber attacks from Russia.

“This framework allows the EU to target individuals and entities engaged in actions and policies, including cyber-attacks, by the government of the Russian Federation, which undermine the fundamental values of the EU and its member states, their security, independence and integrity, as well as those of international organizations and third countries,” the Council said.

Since the EU recently condemned Russia’s aggressive cybersecurity attacks and adopted a more reactive framework, more sanctions will likely follow for Russian state-sponsored hackers.