This is an HTML version of an attachment to the Freedom of Information request 'EU Cyber Sanctions - Intelligence packages'.


 
  
 
 
 

Council of the 
 
 

 European Union 
   
 
Brussels, 10 November 2020 
(OR. en) 
    12476/20 
 
 
 
 
LIMITE 

 
CORLX 523 

CFSP/PESC 938 
 
 
RELEX 838 
CYBER 208 
JAI 884 
FIN 806 
 
LEGISLATIVE ACTS AND OTHER INSTRUMENTS 
Subject: 
COUNCIL IMPLEMENTING REGULATION implementing Regulation 
(EU) 2019/796 concerning restrictive measures against cyber-attacks 
threatening the Union or its Member States 
 
 
 
12476/20   
 
RC/sr 
 
 
RELEX.1.C 
LIMITE 
EN 
 

 
COUNCIL IMPLEMENTING REGULATION (EU) 2020/… 
of … 
implementing Regulation (EU) 2019/796  
concerning restrictive measures against cyber-attacks  
threatening the Union or its Member States 
THE COUNCIL OF THE EUROPEAN UNION, 
Having regard to the Treaty on the Functioning of the European Union, 
Having regard to Council Regulation (EU) 2019/796 of 17 May 2019 concerning restrictive 
measures against cyber-attacks threatening the Union or its Member States1, and in particular 
Article 13(1) thereof, 
Having regard to the proposal from the High Representative of the Union for Foreign Affairs and 
Security Policy, 
                                                 
1 
OJ L 129I, 17.5.2019, p. 1. 
 
12476/20   
 
RC/sr 

 
RELEX.1.C 
LIMITE 
EN 
 

 
Whereas: 
(1) 
On 17 May 2019 the Council adopted Regulation (EU) 2019/796. 
(2) 
On 30 July 2020 the Council adopted implementing Regulation (EU) 2020/11251, which 
added six natural persons and three entities or bodies to the list of natural and legal 
persons, entities and bodies subject to restrictive measures set out in Annex I to Regulation 
(EU) 2019/796. 
(3) 
Updated information has been received for two listings of natural persons. 
(4) 
Regulation (EU) 2019/796 should therefore be amended accordingly, 
HAS ADOPTED THIS REGULATION: 
                                                 
1 
Council Implementing Regulation (EU) 2020/1125 of 30 July 2020 implementing 
Regulation (EU) 2019/796 concerning restrictive measures against cyber-attacks threatening 
the Union or its Member States (OJ L 246, 30.7.2020, p. 4). 
 
12476/20   
 
RC/sr 

 
RELEX.1.C 
LIMITE 
EN 
 

 
Article 1 
Annex I to Regulation (EU) 2019/796 is amended in accordance with the Annex to this Regulation. 
Article 2 
This Regulation shall enter into force on the day following that of its publication in the Official 
Journal of the European Union
This Regulation shall be binding in its entirety and directly applicable in all Member States. 
Done at …, 
 
For the Council 
 
The President 
 
 
12476/20   
 
RC/sr 

 
RELEX.1.C 
LIMITE 
EN 
 

 
ANNEX 
In Annex I to Regulation (EU) 2019/796, under the subheading 'A. Natural Persons', entries 1 and 2 are replaced by the following entries: 
 
Name 
Identifying information 
Reasons 
Date of 
listing 
'1.  GAO 
Date of birth: 4 October 1983 
Gao Qiang is involved in "Operation Cloud Hopper", a series of cyber-attacks with a 
30.7.2020 
Qiang 
Place of birth: Shandong 
significant effect originating from outside the Union and constituting an external 
Province, China 
threat to the Union or its Member States and of cyber-attacks with a significant effect 
against third States. 
Address: Room 1102, Guanfu 
Mansion, 46 Xinkai Road, 
"Operation Cloud Hopper" has targeted information systems of multinational 
Hedong District, Tianjin, 
companies in six continents, including companies located in the Union, and gained 
China 
unauthorised access to commercially sensitive data, resulting in significant economic 
loss. 
Nationality: Chinese 
The actor publicly known as "APT10" ("Advanced Persistent Threat 10") 
Gender: male 
(a.k.a. "Red Apollo", "CVNX", "Stone Panda", "MenuPass" and "Potassium") carried 
out "Operation Cloud Hopper". 
 
12476/20   
 
RC/sr 

ANNEX 
RELEX.1.C 
LIMITE 
EN 
 

 
 
Name 
Identifying information 
Reasons 
Date of 
listing 
 
 
 
Gao Qiang can be linked to APT10, including through his association with APT10 
 
command and control infrastructure. Moreover, Huaying Haitai, an entity designated 
for providing support to and facilitating "Operation Cloud Hopper", employed Gao 
Qiang. He has links with Zhang Shilong, who is also designated in connection with 
"Operation Cloud Hopper". Gao Qiang is therefore associated with both Huaying 
Haitai and Zhang Shilong. 
2.  ZHANG 
Date of birth: 
Zhang Shilong is involved in "Operation Cloud Hopper", a series of cyber-attacks 
30.7.2020'. 
Shilong 
10 September 1981 
with a significant effect originating from outside the Union and constituting an 
Place of birth: China 
external threat to the Union or its Member States and of cyber-attacks with a 
significant effect against third States. 
Address: Hedong, Yuyang 
Road No 121, Tianjin, China 
"Operation Cloud Hopper" has targeted information systems of multinational 
companies in six continents, including companies located in the Union, and gained 
Nationality: Chinese 
unauthorised access to commercially sensitive data, resulting in significant economic 
Gender: male 
loss. 
 
12476/20   
 
RC/sr 

ANNEX 
RELEX.1.C 
LIMITE 
EN 
 

 
 
Name 
Identifying information 
Reasons 
Date of 
listing 
 
 
 
The actor publicly known as "APT10" ("Advanced Persistent Threat 10") (a.k.a. 
 
"Red Apollo", "CVNX", "Stone Panda", "MenuPass" and "Potassium") carried out 
"Operation Cloud Hopper". 
Zhang Shilong can be linked to APT10, including through the malware he developed 
and tested in connection with the cyber-attacks carried out by APT10. Moreover, 
Huaying Haitai, an entity designated for providing support to and facilitating 
"Operation Cloud Hopper", employed Zhang Shilong. He has links with Gao Qiang, 
who is also designated in connection with "Operation Cloud Hopper". Zhang Shilong 
is therefore associated with both Huaying Haitai and Gao Qiang. 
 
 
12476/20   
 
RC/sr 

ANNEX 
RELEX.1.C 
LIMITE 
EN