The EU has imposed sanctions on China, Russia and North Korea for past cyberattacks against European citizens and businesses. In particular, the European Council decided to impose sanctions on six individuals and three entities associated with these countries and responsible for or involved in various cyber attacks.
- GAO Qiang (China)
- ZHANG Shilong (China)
- Alexey Valeryevich MININ (Russia)
- Aleksei Sergeyvich MORENETS (Russia)
- Evgenii Mikhaylovich SEREBRIAKOV (Russia)
- Oleg Mikhaylovich SOTNIKOV (Russia)
- Tianjin Huaying Haitai Science and Technology Development Co. Ltd (Huaying Haitai) (China)
- Chosun Expo (North Korea)
- The Main Center for Special Technologies (GTsST) of the General Directorate of the General Staff of the Armed Forces of the Russian Federation (GU / GRU) (Russia)

EU officials say the two Chinese nationals were members of APT10, the Chinese group hackers behind the cyberattacks known as Operation Cloud Hopper, while the four Russians it was agents of the GRU who took part in the attempted cyber-attack against the Organization for the Prohibition of Chemical Weapons (OPCW) in the Netherlands.
With regard to China, will be penalized for “Operation Cloud Hopper” [PDF], a series of attacks against providers in cloud.

Respectively, the Russia will face sanctions for NotPetya, an executive ransomware created and developed by the Russian army in Ukraine, but spread throughout the world. In addition, Russia will be "punished" for the attempt attack against OACHO. At that time, the Dutch government was investigating the crash of flight MH17 Malaysia Airlines in Ukraine, which collapsed from a Russian missile.

At the same time, the North Korea will face EU sanctions for WannaCry, an ransomware stake created by government hackers to raise money for the regime and then taken out of control.

The penalties imposed include travel ban and freezing of assets. In addition, EU persons and entities are prohibited from making funds available to those on the sanctions lists.
Sanctions are one of them tools used by the EU for cyber diplomacy, with the aim of preventing, deterring and tackling malicious activity directed against itself or its Member States. This is the first time the EU has used this tool. The legal framework for the imposition of targeted restrictive measures against cyber attacks was introduced in May 2019 and has recently been renewed.
The USA have already sanctioned some of the aforementioned individuals and entities from China, Russia and North Korea for the same cyberattacks, while Washington has put a lot of pressure on its transatlantic partner to impose similar measures.