EU 20th Russia sanctions package — managed-security-services prohibition (eff. 25 May 2026); Switzerland adopted most measures 22 May

policy · policy:eu-20th-russia-sanctions-mss-prohibition-2026

Coverage timeline

first 2026-05-24 → last 2026-05-24

Briefs

1 distinct

Sources cited

37 hosts

Sections touched

weekly_summary

Co-occurring entities

see Related entities below

Story timeline

2026-05-24CTI Weekly Summary — 2026-W21 (May 18 – May 24, 2026)
weekly_summaryFirst coverage (W2 horizon). MSS prohibition effective 25 May; CH adopted 22 May; SECO confirmation of MSS scope pending.

Where this entity is cited

weekly_summary1

Source distribution

attack.mitre.org8 (15%)
thehackernews.com5 (9%)
helpnetsecurity.com4 (7%)
bleepingcomputer.com3 (5%)
securityweek.com2 (4%)
therecord.media2 (4%)
abw.gov.pl1 (2%)
gtlaw.com1 (2%)
other29 (53%)

Related entities

Google Threat Intelligence Group AI Threat Tracker (May 2026) — first AI-generated zero-day exploit ITW; AI-augmented malware (CANFAIL, LONGSTREAM, PROMPTFLUX, HONESTCUE); state-actor Gemini abuse (UNC2814, APT45, APT27, UNC5673)
annual-reportannual-report:gtig-ai-threat-tracker-may-2026×1
NCSC Switzerland BACS assessment on AI in vulnerability management — defenders warned against over-reliance on AI detection
campaignadvisory:ncsc-ch-ai-vuln-mgmt-2026×1
Pro-Russian hacktivist OT intrusion at five Polish water treatment facilities — pump settings modified
incidentincident:polish-water-ot-2026×1
SMS-blaster smishing establishing itself in Switzerland — portable IMSI-catchers force 2G downgrade, bypass operator SMS filtering
campaigntechnique:sms-blaster-ch-2026×1

All cited sources (55)

Items in briefs about EU 20th Russia sanctions package — managed-security-services prohibition (eff. 25 May 2026); Switzerland adopted most measures 22 May (2)

EU 20th Russia sanctions package — managed-security-services prohibition effective 25 May; Switzerland adopted most measures 22 May

From CTI Weekly Summary — 2026-W21 (May 18 – May 24, 2026) · published 2026-05-18 · view item permalink →

The single most defender-relevant regulatory change of the window. Council Regulation (EU) 2026/506 introduces a prohibition on providing "managed security services" — defined to include incident handling, penetration testing, security audits and security consulting/technical-support advice — to the Government of Russia and to entities legally established in Russia, effective 25 May 2026. The prohibition reaches EU-incorporated MSSPs supplying Russian subsidiaries absent a national-competent-authority licence; no European Commission interpretive guidance on scope had been published as of 24 May, so law-firm analyses advise a conservative reading. Switzerland's EAER adopted most of the 20th-package measures effective 22 May (115 individuals/entities asset-frozen, 20 Russian banks and 7 third-country intermediaries under transaction ban, RUBx / digital-ruble transactions prohibited from 26 May), deferring some energy/trade provisions; whether the Swiss transposition includes the managed-security-services prohibition specifically requires SECO confirmation. What defenders must do differently: any EU or Swiss SOC, IR firm, or pentest provider with a Russian-law-entity client must have wound those engagements down by 25 May, and should verify no security tooling (EDR agents, SIEM forwarders, ticketing/connector integrations) is being operated or serviced under a contract with a Russian-established entity.

Pro-Russian hacktivists modify OT pump settings at five Polish water treatment facilities

From CTI Daily Brief — 2026-05-08 · published 2026-05-08 · view item permalink →

Poland's Internal Security Agency (ABW) disclosed that pro-Russian hacktivist actors penetrated the operational technology (OT) networks of five water treatment facilities and modified pump control parameters. At least one facility activated manual override procedures to prevent potential service disruption; no compromise of drinking water quality or supply loss was confirmed. ABW attributed the activity to actors operating in support of Russian geopolitical objectives but stopped short of formal state attribution. The attack pattern — IT/OT flat network exploitation leading to HMI manipulation — is consistent with prior campaigns attributed to NoName057(16) and Cyber Army of Russia Reborn in Central and Eastern European infrastructure. Polish water sector authorities and critical-infrastructure operators have been placed on heightened alert. The ABW advisory is a single-source national CERT/authority disclosure.