EU Sanctions - Chinese and Iranian Cyber Actors Targeted
Basically, the EU is punishing companies from China and Iran for hacking into important systems.
The EU has sanctioned Chinese and Iranian firms for cyberattacks on critical infrastructure. The operations involved affected over 65,000 devices across member states. The move highlights the EU's commitment to combating cyber threats and ensuring security.
What Happened
The European Union has taken significant action against cyber threats by sanctioning Chinese and Iranian firms and individuals. These sanctions target three companies and two individuals linked to cyberattacks that compromised critical infrastructure across EU member states. The Council of the European Union announced these restrictive measures, highlighting the seriousness of the ongoing cyber threats against the region.
Among the sanctioned entities is Integrity Technology Group, a China-based company involved in operations that affected over 65,000 devices across six EU countries from 2022 to 2023. The U.S. Treasury previously sanctioned this firm due to its connections with the Flax Typhoon APT group, which has been actively targeting critical infrastructure globally since 2021. Another firm, Anxun Information Technology, also based in China, provided hacking services that specifically targeted critical infrastructure, leading to its sanctioning.
Who's Being Targeted
The sanctions affect not only the companies but also the individuals behind these operations. Two co-founders of Anxun Information Technology have been directly implicated in cyberattacks against EU member states. Additionally, the Iranian firm Emennet Pasargad has been sanctioned for breaching a French subscriber database and conducting disinformation campaigns during significant events like the Paris 2024 Olympic Games.
These actions underscore the EU's commitment to protecting its digital landscape from foreign cyber threats. The sanctions include asset freezes and travel bans for the individuals involved, aiming to deter further malicious activities.
Tactics & Techniques
The sanctioned entities employed various tactics to execute their cyberattacks. The Flax Typhoon APT group utilized the infrastructure provided by Integrity Technology Group to infiltrate European and U.S. networks. This group is known for exploiting vulnerabilities to maintain persistent access to critical systems.
Moreover, Anxun Information Technology has been involved in hacker-for-hire services since 2011, showcasing a pattern of targeting vital infrastructure. Emennet Pasargad's tactics included hacking advertising billboards to spread disinformation, demonstrating a blend of cyber espionage and psychological operations.
Defensive Measures
In response to these threats, the EU has reinforced its cyber sanctions regime, which now includes 19 individuals and 7 entities. This move illustrates the EU's resolve to combat persistent cyber threats and enhance cooperation with international partners to ensure a secure cyberspace.
The EU established its cyber diplomacy toolbox in 2017, which has evolved to include sanctions aimed at countering external cyber threats. As the landscape of cyber threats continues to evolve, the EU's proactive measures are crucial in maintaining the integrity of its critical infrastructure and protecting its citizens from cyber harm.
Security Affairs