Council of the
European Union
Brussels, 29 October 2020
(OR. en)
12475/20
LIMITE
CORLX 522
CFSP/PESC 937
RELEX 837
CYBER 207
JAI 883
FIN 805
PROPOSAL
From:
High Representative of the Union for Foreign Affairs and Security Policy,
signed by Ms. Helga SCHMID, Secretary General
date of receipt:
29 October 2020
To:
Mr Jeppe TRANHOLM-MIKKELSEN, Secretary-General of the Council
of the European Union
Subject:
Proposal of the High Representative of the Union for Foreign Affairs and
Security Policy to the Council for a Council Implementing Regulation
implementing Regulation (EU) 2019/796 concerning restrictive
measures against cyber-attacks threatening the Union or its Member
States
Delegations will find attached document HR(2020) 166.
Encl.: HR(2020) 166
12475/20
LJM/ia
RELEX.1.C
LIMITE
EN
HR(2020) 166
Limited
EUROPEAN EXTERNAL ACTION SERVICE
GREFFE
Proposal of the High Representative of the Union for Foreign Affairs and Security
Policy to the Council
of 29/10/2020
for a Council Implementing Regulation implementing Regulation (EU) 2019/796
concerning restrictive measures against cyber-attacks threatening the Union or its
Member States
HR(2020) 166
Limited
HR(2020) 166
Limited
1
HR(2020) 166
Limited
COUNCIL IMPLEMENTING REGULATION (EU) 2020/…
of [dd/mm/2020]
implementing Regulation (EU) 2019/796 concerning restrictive measures against cyber-
attacks threatening the Union or its Member States
THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Council Regulation (EU) 2019/796 concerning restrictive measures against cyber-
attacks threatening the Union or its Member States (1), and in particular Article 13(1) thereof,
Having regard to the proposal from the High Representative of the Union for Foreign Affairs and
Security Policy,
Whereas:
(1)
On 17 May 2019, the Council adopted Regulation (EU) 2019/796.
(2)
On 30 July 2020, the Council adopted implementing Regulation (EU) 2020/1125 (2), which
added six natural persons and three entities or bodies to the list of natural and legal
persons, entities and bodies subject to restrictive measures in the Annex I to Regulation
(EU) 2019/796.
(3)
Updated information has been received for two listings.
(4)
Annex I to Regulation (EU) 2019/796 should therefore be amended accordingly,
HAS ADOPTED THIS REGULATION:
Article 1
Annex I to Regulation (EU) 2019/796 is amended in accordance with the Annex to this Regulation.
Article 2
This Regulation shall enter into force on the day following that of its publication in the
Official
Journal of the European Union.
1 OJ L 129I, 17.05.2019, p. 1.
2 Council Implementing Regulation (EU) 2020/1125 of 30 July 2020 implementing Regulation (EU) 2019/796
concerning restrictive measures against cyber-attacks threatening the Union or its Member States (OJ L 246, 30.7.2020,
p. 4).
HR(2020) 166
Limited
2
HR(2020) 166
Limited
This Regulation shall be binding in its entirety and directly applicable in all Member States.
Done at Brussels,
For the Council
The President
HR(2020) 166
Limited
3
HR(2020) 166
Limited
ANNEX
In Annex I to Regulation (EU) 2019/796, under the subheading ‘A. Natural Persons’, entries 1 and
2 are replaced by the following entries:
A. Natural persons
Name
Identifying
Reasons
Date of
information
listing
‘1. GAO
Date of birth: 4
Gao Qiang is involved in “Operation Cloud
30.7.2020
Qiang
October 1983
Hopper”, a series of cyber-attacks with a
significant effect originating from outside the
Place of birth:
Union and constituting an external threat to
Shandong Province, the Union or its Member States and of cyber-
China
attacks with a significant effect against third
Address: Room
States.
1102, Guanfu
“Operation Cloud Hopper” targeted
Mansion, 46 Xinkai
information systems of multinational
Road, Hedong
companies in six continents, including
District, Tianjin,
companies located in the Union, and gained
China
unauthorised access to commercially
Nationality: Chinese sensitive data, resulting in significant
economic loss.
Gender: male
The actor publicly known as “APT10”
(“Advanced Persistent Threat 10”) (a.k.a.
“Red Apollo”, “CVNX”, “Stone Panda”,
“MenuPass” and “Potassium”) carried out
“Operation Cloud Hopper”.
Gao Qiang can be linked to APT10, including
through his association with APT10
command and control infrastructure.
Moreover, Huaying Haitai, an entity
designated for providing support to and
facilitating “Operation Cloud Hopper”,
employed Gao Qiang. He has links with
Zhang Shilong, who is also designated in
connection with “Operation Cloud Hopper”.
Gao Qiang is therefore associated with both
Huaying Haitai and Zhang Shilong
HR(2020) 166
Limited
4
HR(2020) 166
Limited
2.
ZHANG Date of birth: 10
Zhang Shilong is involved in “Operation 30. 30.7.2020’
Shilong
September 1981
Cloud Hopper”, a series of cyber-attacks
with a significant effect originating from
Place of birth: China outside the Union and constituting an
Address: Hedong,
external threat to the Union or its Member
Yuyang Road No
States and of cyber-attacks with a
121, Tianjin, China
significant effect against third States.
Nationality: Chinese “Operation Cloud Hopper” has targeted
information systems of multinational
Gender: male
companies in six continents, including
companies located in the Union, and
gained unauthorised access to
commercially sensitive data, resulting in
significant economic loss.
The actor publicly known as “APT10”
(“Advanced Persistent Threat 10”) (a.k.a.
“Red Apollo”, “CVNX”, “Stone Panda”,
“MenuPass” and “Potassium”) carried out
“Operation Cloud Hopper”.
Zhang Shilong can be linked to APT10,
including through the malware he
developed and tested in connection with
the cyber-attacks carried out by APT10.
Moreover, Huaying Haitai, an entity
designated for providing support to and
facilitating “Operation Cloud Hopper”,
employed Zhang Shilong. He has links
with Gao Qiang, who is also designated in
connection with “Operation Cloud
Hopper”. Zhang Shilong is therefore
associated with both Huaying Haitai and
Gao Qiang.
HR(2020) 166
Limited
5