Article Details

European Union sanctions Stark Industries for enabling cyberattacks. The European Union has imposed strict sanctions against web-hosting provider Stark Industries and the two individuals running it, CEO Iurie Neculiti and owner Ivan Neculiti, for enabling “destabilising activities” against the Union. The action is part of the European Council’s effort to protect against Russian hybrid threats. It affects 21 individuals and six entities behind activities that supported or promoted Russia’s foreign policy interests and distributed pro-Russian propaganda through media outlets. Web-hosting service Stark Industries stands out in the Council’s updated list of sanctions. “They have been acting as enablers of various Russian state-sponsored and affiliated actors to conduct destabilising activities including, information manipulation interference and cyber-attacks against the Union and third countries” - Council of the European Union Stark Industries is incorporated in the United Kingdom and provides VPS/VDS servers in the UK, the Netherlands, Germany, France, Turkey, and the U.S. The company provides multiple payment methods, including Bitcoin, Monero, Dash, and Ether cryptocurrency, typically used to hide payment origin. Public reports paint Stark Industries as a company “historically considered a bulletproof hosting provider,” as well as one that helped researchers uncover infrastructure used by some infamous threat groups, like FIN7 (a.k.a. Sangria Tempest, Carbon Spider). In May 2024, a report from German nonprofit investigative journalist organization CORRECTIV dives into the origin story of Stark Industries, which emerged two weeks before Russia invaded Ukraine. According to CORRECTIV, multiple disinformation campaigns and distributed denial-of-service (DDoS) attacks to Russia’s benefit were traced to Stark Industries servers or other services provided by the Neculiti brothers. In July last year, a report from cyber intelligence company Silent Push revealed the malicious infrastructure that FIN7 rented from Stark Industries. “Our threat analysts have discovered numerous Stark Industries IPs that are solely dedicated to hosting FIN7 infrastructure” - Silent Push In August, though, researchers at Team Cymru, a cyber threat-hunting intelligence platform, announced that they had been working with Stark Industries for several months to identify and reduce abuse of their systems. After Silent Push published their report, the researchers collaborated with Team Cymru and Stark Industries to take down FIN7’s malicious infrastructure. BleepingComputer asked the European Council if the sanctionwas based on more recent information analyzed after Stark Industries' collaboration with security researchers but the details were not immediately available. Other entities targeted by the latest set of sanctions from the European Council are media outlets, news agencies, and companies involved in Russian espionage and disruption missions, along with the individuals behind them. The council lists the Voice of Europe media channel and the African Initiative news agency as being involved in disseminating Russian narratives and propaganda. Turkish media company AFA Medya and its founder, Hüseyin Doğru, are also mentioned in the press release as the Council’s targets for sanctions. About two fishing companies, Norebo JSC and Murman Sea Food, on the list of sanctions, the Council says that they were part of a surveillance campaign sponsored by Russia and were used to carry out espionage missions and to sabotage critical infrastructure, such as undersea cables. The Federal State Unitary Enterprise “Main Radio Frequency Center” General Radio Frequency Center (GRFC) has been sanctioned for its involvement in electronic warfare by using jamming and spoofing tactics on GPS signals in Baltic states and disrupting civil aviation. “Those designated today will be subject to an asset freeze and EU citizens and companies will be forbidden from making funds available to them,” the European Council announces. On top of these restrictions, the individuals on the sanctions list are banned from entering the European Union territory, even in transit. Top 10 MITRE ATT&CK© Techniques Behind 93% of Attacks Based on an analysis of 14M malicious actions, discover the top 10 MITRE ATT&CK techniques behind 93% of attacks and how to defend against them.