The European Union has sanctioned three Russian nationals for their alleged involvement in cyberattacks targeting Estonia in 2020, the European Council announced on Monday.

Nikolay Korchagin, 28, Vitaly Shevchenko, 28, and Yuriy Denisov, 45 — reportedly linked to Unit 29155 of Russia's GRU military intelligence service — are accused of orchestrating attacks that breached classified information and sensitive data stored in Estonian government ministries.

The attacks resulted in the theft of thousands of confidential documents, including business secrets, health records, and other critical information, according to the council.

Last September, Estonia identified Unit 29155, tracked as Cadet Blizzard and Ember Bear by security researchers, as responsible for the 2020 cyberattack, marking the first time in the country’s history it publicly attributed a state cyberattack to its perpetrator.

“Both a national and an international investigation that included 10 countries showed that Russia’s aim was to damage national computer systems, obtain sensitive information, and strike a blow against our sense of security,” Estonia’s Foreign Minister Margus Tsahkna said at the time.

The sanctioned GRU hackers will face an asset freeze, and European citizens and companies will be prohibited from making funds available to them. Additionally, they will be subject to a travel ban, preventing them from entering or transiting through EU territories.

Earlier in September, the U.S. Department of Justice indicted Unit 29155 and offered a reward of up to $10 million for information that could assist prosecutors. The U.S. indictment focuses on the so-called WhisperGate data-wiping attack targeting Ukraine ahead of the Russian invasion in 2022. 

Korchagin and Denisov are among the individuals specified on the U.S. State Department’s rewards website, while Shevchenko is listed as an “associated individual.”    

Unit 29155 has also been linked to “computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm.” Before 2020, the group was reportedly involved in attempted coups, sabotage, influence operations, and assassination attempts across Europe.

The European Council stated that its decision to impose additional restrictive measures against the Russian hackers “confirms the willingness of the EU and its member states to provide a strong and sustained response to persistent malicious cyber activities targeting the EU, its member states, and partners.”

However, questions remain about the effectiveness of the EU’s response. Despite the intentions behind its sanctions regime, critics have raised concerns about the EU’s ability to attribute and respond effectively to hostile foreign activities, particularly its failure to coordinate actions with partners such as the U.S. and the U.K.

Last year, the European Council faced criticism after a “clerical error” in a formal sanctions notice misidentified the Russian intelligence agency responsible for a series of cyberattacks targeting member states and Ukraine.