Pierluigi Paganini February 25, 2025

The European Union sanctioned the leader of North Korea-linked APT groups for aiding Russia in its war against Ukraine.

The European Union announced sanctions against entities aiding Russia in the ongoing conflict with Ukraine, including Lee Chang Ho, who is the leader of North Korea-linked APT groups.

Lee Chang Ho coordinated North Korean soldiers in Ukraine and led North Korea-linked APT groups like Lazarus and Kimsuky, supporting actions against Ukraine’s independence.

“Lee Chang Ho coordinated North Korean soldiers deployed on the battlefield in Ukraine, who may have been given tasks related to irregular guerrilla warfare.” reads the announcement published by EU. “Thus, he was involved in the participation of North Korean soldiers in the war against Ukraine. He has led cyber-attack units such as Lazarus and Kim Suki. Therefore, Lee Chang Ho is responsible for supporting and implementing actions which undermine the independence of Ukraine.”

Lee Chang Ho is the Director of the Reconnaissance General Bureau, lieutenant General of the Korean People’s Army, and head of the North Korean Reconnaissance General Bureau. 

The Reconnaissance General Bureau (RGB) is North Korea’s primary intelligence agency responsible for clandestine operations, cyber warfare, espionage, and military intelligence. It oversees North Korea’s elite hacker groups, such as Lazarus Group, APT38, and Kimsuky, which conduct cyberattacks, financial theft, and espionage worldwide. The RGB is also involved in covert military operations, including special forces training and overseas intelligence activities. Multiple countries have sanctioned RGB for its role in cybercrime, espionage, and support for North Korea’s military objectives.

Most sanctioned entities are Russian, however EU also issued sanctions against Chinese and North Korean nationals.

Recently crypto exchange Bybit suffered a sophisticated cyberattack, threat actors transferred over 400,000 ETH and stETH worth more than $1.5 billion to an unidentified address.

The Bybit hack is the largest cryptocurrency heist ever, surpassing previous ones like Ronin Network ($625M), Poly Network ($611M), and BNB Bridge ($566M).

Bybit’s ETH cold wallet was compromised in the attack that masked the signing interface, allowing threat actors to redirect funds to an unknown address.

Blockchain cybersecurity firm Elliptic attributed the cyber heist to the notorious North Korea-linked APT Group Lazarus.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, North Korea)