EU Sanctions Chinese, Iranian Firms Over Cyberattacks
▼ Summary
– The EU has sanctioned three Chinese and Iranian companies and two individuals for cyberattacks targeting critical infrastructure and devices in member states.
– One sanctioned Chinese company, Integrity Technology Group, supported hacking over 65,000 devices in six EU states, while the other, Anxun Information Technology, provided hacking services.
– The sanctioned Iranian company, Emennet Pasargad, has conducted influence campaigns, including hijacking billboards during the 2024 Paris Olympics and attempting to sell stolen Charlie Hebdo subscriber data.
– The sanctioned entities and individuals face EU asset freezes and travel bans, and some have also been previously sanctioned by U.S. authorities for their cyber activities.
– These sanctions are part of the EU’s cyber sanctions regime, which now restricts 19 individuals and seven entities for malicious cyber activities.
The European Union has imposed new sanctions on companies and individuals from China and Iran, accusing them of orchestrating or supporting significant cyberattacks against European infrastructure and institutions. This move underscores the bloc’s commitment to defending its digital sovereignty and critical systems from foreign interference. The sanctions target three firms and two people, freezing their assets within the EU and banning European citizens and companies from any financial dealings with them.
One of the sanctioned Chinese companies, Integrity Technology Group, is accused of providing “technical and material support” that facilitated the hacking of over 65,000 devices across six EU member states between 2022 and 2023. The other Chinese entity, Anxun Information Technology, is cited for offering hacking services aimed at the critical infrastructure of EU states and other nations. The EU also sanctioned Anxun’s two co-founders, stating they played a major role in these cyber campaigns.
From Iran, the company Emennet Pasargad faces sanctions for multiple influence operations, including the compromise of an SMS service in Sweden. The firm has been linked to hijacking advertising billboards to spread false information during the 2024 Paris Olympics. In a separate incident, an actor using the alias Holy Souls, associated with Emennet, attempted to sell the personal data of 230,000 subscribers to the French magazine Charlie Hebdo in early 2023.
The sanctions framework means those listed are subject to a full asset freeze. EU citizens and companies are prohibited from providing them with any funds or economic resources. The individuals also face a travel ban, preventing them from entering or transiting through EU territories.
These designations follow actions by United States authorities. The FBI linked Integrity Technology Group in 2024 to the ‘Raptor Train’ botnet, which is believed to be operated by the Chinese state-sponsored threat actor ‘Flax Typhoon.’ The U.S. Treasury Department sanctioned the company in January 2025 for its role in these attacks, which infected approximately 260,000 devices. In March 2025, the U.S. Justice Department sanctioned Anxun Information Technology, also known as i-Soon, for its long-running hacker-for-hire services. A data leak from i-Soon in early 2024 exposed its internal operations as a hacking contractor with ties to China.
The U.S. has also announced rewards of up to $10 million for information leading to the location of several Anxun executives and technical staff. Emennet Pasargad has a similar history, with the U.S. Department of Justice offering a $10 million reward in 2021 for two Iranian nationals who worked as contractors for the company.
The EU first established its cyber sanctions regime in 2019. With these latest additions, the restrictions now apply to a total of 19 individuals and seven entities held responsible for malicious cyber activities targeting the Union.
(Source: Bleeping Computer)