The Council of the European Union has taken a significant step in its geopolitical cybersecurity strategy by imposing sanctions on three companies and two individuals from China and Iran. These entities are accused of orchestrating and supporting cyberattacks targeting critical infrastructure and thousands of devices across EU member states. This action underscores the bloc's commitment to using diplomatic and economic tools to deter malicious cyber activity that threatens its digital sovereignty and public security. The sanctions include asset freezes and travel bans, directly targeting the operational and financial capabilities of the named actors.
Among the sanctioned entities are two Chinese companies: Integrity Technology Group and Anxun Information Technology. According to EU findings, Integrity Technology Group provided "technical and material support" between 2022 and 2023, which directly facilitated the hacking of over 65,000 devices in six EU countries. Anxun Information Technology is cited for offering hacking services explicitly aimed at the "critical infrastructure and critical functions" of EU member states and third countries. The two individuals added to the sanctions list are the co-founders of Anxun, identified as playing a pivotal role in these cyber campaigns against European interests.
The sanctioned Iranian company, Emennet Pasargad, has been linked to multiple malicious influence operations. Its activities include the compromise of an SMS service in Sweden and the hijacking of advertising billboards to spread disinformation during the 2024 Paris Olympics. Furthermore, Microsoft Threat Intelligence has tracked this actor, who used the moniker "Holy Souls" on hacker forums. In early 2023, Holy Souls attempted to sell the personal information of approximately 230,000 subscribers to the French magazine Charlie Hebdo for 20 bitcoins (roughly $340,000 at the time), demonstrating a blend of cyber-espionage, data theft, and information warfare tactics.
This sanctions package represents a clear escalation in the EU's response to state-sponsored and state-tolerated cyber threats. It signals to adversarial nations and their proxies that the bloc will attribute attacks and impose tangible costs. For cybersecurity professionals and Chief Information Security Officers (CISOs), this development reinforces the need for robust threat intelligence, supply chain security—especially regarding third-party vendors—and enhanced defenses for operational technology (OT) and critical infrastructure networks. The move also highlights the growing intersection of cyber conflict with traditional geopolitical tensions, requiring a coordinated defense that blends technical security measures with international policy and law enforcement cooperation.
