Threat Intel - Europe Sanctions Chinese and Iranian Firms
Basically, Europe is punishing companies from China and Iran for hacking important systems.
The EU has sanctioned Chinese and Iranian firms linked to cyberattacks. This impacts critical infrastructure security across Europe. Ongoing measures aim to counteract these threats.
The Threat
On March 17, 2026, the European Union Council announced sanctions against three entities and two individuals for their involvement in cyberattacks targeting critical infrastructure across Europe. These sanctions are part of a broader effort to combat malicious cyber activities that threaten national security and public safety. The entities sanctioned include two Chinese firms, Integrity Technology Group and Anxun Information Technology, along with the Iranian company Emennet Pasargad. Each has been linked to significant cyber operations that compromised critical systems in various EU member states.
Integrity Technology Group was found to have provided technical support that enabled the hacking of over 65,000 devices in six EU countries between 2022 and 2023. Anxun Information Technology, also known as i-Soon, has been implicated in various cyberattacks and has offered hacking services for hire since at least 2011. Emennet Pasargad, on the other hand, has a history of influence campaigns and was involved in a notable incident during the 2024 Paris Olympics, where it hijacked advertising billboards to spread misinformation.
Who's Behind It
The individuals sanctioned include the co-founders of Anxun Information Technology, who are believed to have played pivotal roles in orchestrating these cyberattacks. Their actions have not only targeted EU member states but have also extended to third countries, showcasing a global threat landscape. The involvement of state-sponsored actors, particularly from China, raises concerns about the collusion between private companies and government entities in cyber warfare.
The FBI has previously connected Integrity Technology Group to the 'Raptor Train' botnet, which is believed to be operated by the Chinese state-sponsored threat actor known as Flax Typhoon. This botnet reportedly consists of 260,000 infected devices, highlighting the extensive reach and capabilities of these cybercriminal organizations.
Tactics & Techniques
The methods employed by these entities range from providing technical support for large-scale hacks to offering hacking services on the dark web. For instance, Anxun Information Technology has been known to advertise its services on hacker forums, making it easier for malicious actors to access sophisticated hacking tools. Additionally, Emennet Pasargad's operations have included hijacking digital billboards to disseminate propaganda, showcasing a blend of cyber and psychological warfare tactics.
The EU's sanctions include asset freezes and travel bans for the individuals involved, aiming to disrupt their operations and deter future attacks. This move reflects a growing recognition of the need for international cooperation in tackling cyber threats, as these attacks often transcend national boundaries.
Defensive Measures
The EU has been imposing sanctions on individuals and entities involved in malicious cyber activities since 2019. As of now, the restrictions affect 19 individuals and seven entities. This ongoing effort is crucial for maintaining the integrity of critical infrastructure and protecting citizens from potential cyber harm.
Organizations within the EU are advised to bolster their cybersecurity measures, particularly in sectors deemed critical. This includes regular security assessments, employee training on cybersecurity awareness, and implementing robust incident response plans. The EU's actions serve as a reminder that cybersecurity is a shared responsibility and that vigilance is essential in the face of evolving threats.
BleepingComputer