EU sanctions North Korean tied to Lazarus group over involvement in Ukraine war

The European Union on Monday adopted a new package of sanctions against Russia, targeting individuals allegedly involved in cyberwarfare and information operations against Ukraine.

Among those sanctioned is Lee Chang Ho, a 58-year-old identified as the head of North Korea’s Reconnaissance General Bureau (RGB), the country’s intelligence agency.

According to the European Council, Lee was involved in deploying North Korean personnel to support Russia’s war against Ukraine and has overseen cyberattack units, including those known in the West as Lazarus and Kimsuky. He also coordinated North Korean soldiers deployed on the battlefield in Ukraine, “who may have been given tasks related to irregular guerrilla warfare,” the EU said.

Lee was previously sanctioned by South Korea and the U.S. for his ties to Pyongyang’s intelligence services. Researchers believe that RGB is responsible for most of North Korea's cyber operations, including espionage, destructive attacks, and financial crimes. Notorious hacker groups such as Kimsuky, Lazarus, and Andariel have been previously attributed to RGB.

Information operations

The European Union's latest sanctions package also targets individuals involved in information operations against Ukraine, including Russian blogger Kristina Potupchik, who has led anti-Ukraine media campaigns for Kremlin-linked clients, and athlete Nikita Nagorny for spreading pro-Russian propaganda.

The measures also extend to eight Russian media outlets accused of disseminating propaganda, including Eurasia Daily, Lenta, NewsFront, RuBaltic, SouthFront, the Strategic Culture Foundation and Krasnaya Zvezda.

“These media outlets have been essential and instrumental in bringing forward and supporting Russia’s war of aggression against Ukraine and in destabilizing its neighboring countries, as well as the EU and its member states,” the European Council said.

Earlier in December, the European Council blacklisted 16 Russian citizens for their involvement in influence and intelligence operations against Ukraine and its allies

In 2022, the EU blocked access to the Russian state-owned propaganda channels Russia Today and Sputnik. Similarly in May, the bloc sanctioned the Prague-based Voice of Europe website, accusing it of promoting pro-Russian narratives.

Members of Russian hacker groups have also drawn the attention of Western countries. Last year, the U.S. imposed sanctions on two members of the Russian government-aligned hacktivist group known as the Cyber Army of Russia Reborn (CARR).

The group has carried out low-impact, unsophisticated distributed denial-of-service (DDoS) attacks against Ukraine and its allies since the start of the war in 2022. Additionally, CARR compromised industrial systems at a U.S. energy company, gaining control over alarms and pumps for fuel tanks.