There is no UN sanctions regime targeting malicious cyber activity.
The EU sanctions regime against Cyber-attacks is based on "COUNCIL DECISION (CFSP) 2019/797 of 17 May 2019 concerning restrictive measures against cyber-attacks threatening the Union or its Member States."
This sanction regime is a conduct-based and list-based sanction regime and in its arsenal, it has the following restrictive measures:
Financial sanctions (asset freezing)
To address malicious cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States the President of the United State declared a national emergency in E.O. 13694. Later in December 2016, President issued another E.O. (E.O. 13757) expanding the authority of this sanction program to cover the activities interfering with or undermining election processes or institutions.
The sanctions in this program are blocking financial sanctions which would require the U.S. person not to engage with the targets and would require the US financial institution to freeze the assets of the targets.
Those targeted by this program have the tag of [CYBER2] next to their name on the SDN list. As of April 12, 2020, there are 210 entities or individuals listed in relation to this program.