The European Union has imposed sanctions on two Chinese companies, one Iranian firm and two individuals over cyber attacks targeting EU member states and partners, the Council of the EU announced on Monday.
In a statement, the Council said the measures target China-based Integrity Technology Group and Anxun Information Technology, along with Iranian company Emennet Pasargad. The bloc also sanctioned two Chinese nationals identified as co-founders of Anxun Information Technology for their alleged role in cyber attacks affecting EU member states.
The Council said Integrity Technology Group had supplied tools used to compromise devices across Europe and elsewhere. According to the EU, more than 65,000 devices across six member states were hacked between 2022 and 2023 with the company’s technical and material support.
The EU said Anxun Information Technology provided hacking services aimed at critical infrastructure and other essential functions in both EU member states and third countries. The two individuals listed alongside the company were responsible for and involved in cyber attacks against EU countries, the Council said.
The Council said Iranian company Emennet Pasargad unlawfully accessed a French subscriber database and attempted to sell the information on the dark web. The company also compromised digital advertising billboards to spread disinformation during the 2024 Paris Olympic Games and breached a Swedish SMS service used by large numbers of EU citizens.
Under the sanctions regime, those listed face an asset freeze and are barred from entering or transiting through EU territory. EU citizens and companies are also prohibited from making funds or economic resources available to the sanctioned entities and individuals.
According to the Council, the measures were adopted under the EU’s cyber sanctions framework, which was established in 2019 to deter and respond to cyber attacks threatening the bloc or its member states. With the latest designations, the EU’s horizontal cyber sanctions regime now applies to 19 individuals and seven entities.
The Council said the decision demonstrated the EU’s commitment to responding to persistent malicious cyber activities targeting the bloc and its partners. The EU and its member states will continue working with international partners to promote “an open, free, stable and secure cyberspace,” it said.
