Threat Intel · HIGH

EU Sanctions - Chinese and Iranian Firms Tied to Hacking Operations

Basically, the EU is punishing companies from China and Iran for helping hackers attack its member countries.

Quick Summary

The EU has sanctioned Chinese and Iranian firms for their roles in hacking operations against member states. This move highlights ongoing cyber threats and geopolitical tensions. Organizations must remain vigilant to protect against these sophisticated attacks.

What Happened

On March 18, 2026, the Council of the European Union announced significant sanctions against two Chinese companies and one Iranian firm. These sanctions are a response to their alleged involvement in hacking operations targeting EU member states. The companies involved are Integrity Technology Group and Anxun Information Technology from China, alongside the Iranian hacking group Emennet Pasargad.

Integrity Technology Group has been linked to the state-sponsored hacking group known as Flax Typhoon. This group reportedly used products from Integrity Tech to access over 65,600 IoT devices across six EU member states between 2022 and 2023. Anxun Information Technology, known for its connections to China's Ministry of Public Security, has been implicated in various cyber operations that align with the interests of the Chinese government.

Who's Behind It

The sanctions specifically target two individuals, Chen Cheng and Wu Haibo, who serve as general managers of Anxun Information Technology. These individuals are believed to play crucial roles in the company's operations, which include providing hacking services aimed at critical infrastructure in EU member states. The EU's action reflects growing concerns over the activities of state-sponsored hacking groups and their impact on national security.

Emennet Pasargad, the Iranian hacking group, has also been sanctioned due to its involvement in cyberattacks against Sweden's digital infrastructure. This group has been linked to significant cyber incidents, including the 2024 Summer Olympics hack and operations that influenced the 2020 US presidential election.

Tactics & Techniques

The tactics employed by these entities often involve sophisticated cyberattacks aimed at compromising critical infrastructure and stealing sensitive information. For example, Integrity Technology Group has been known to provide tools that allow hackers to gain unauthorized access to devices used by EU member states. Similarly, Anxun Information Technology has reportedly offered hacking-for-hire services, which pose a significant threat to both member states and third countries.

The EU's sanctions aim to disrupt these operations and signal that such activities will not be tolerated. By targeting these firms, the EU hopes to mitigate the risks posed by state-sponsored cyber threats and protect its digital sovereignty.

Defensive Measures

In light of these developments, it is crucial for organizations within the EU to enhance their cybersecurity measures. This includes implementing robust threat detection systems, conducting regular security audits, and educating employees about potential phishing attempts linked to these hacking groups. Furthermore, collaboration with law enforcement agencies can help in tracking and mitigating threats from state-sponsored actors.

The EU's sanctions serve as a reminder of the ongoing cyber warfare landscape and the importance of vigilance in protecting national and organizational security. Organizations should stay informed about the tactics used by these groups and adapt their defenses accordingly to reduce the risk of falling victim to such cyberattacks.

🔒 Pro insight: The EU's sanctions reflect a growing trend of international cooperation against state-sponsored cyber threats, emphasizing the need for a unified defense strategy.

Original article from SecurityWeek · Ionut Arghire
