The Council of the European Union has sanctioned three Chinese and Iranian companies and two individuals for cyberattacks targeting devices and critical infrastructure.
One of the two sanctioned Chinese companies, identified as Integrity Technology Group, provided “technical and material support” between 2022 and 2023 that led to hacking more than 65,000 devices in six EU states.
The other Chinese company is Anxun Information Technology, which provided hacking services targeting “critical infrastructure and critical functions of member states and third countries.”
The two individuals added to the Council’s sanctions list are the co-founders of Anxun Information Technology, believed to have played a significant role in cyberattacks against EU member states.
The sanctioned Iranian company is Emennet Pasargad, which has been attributed multiple influence campaigns and the compromise of an SMS service in Sweden.
Emennet Pasargad has been involved in hijacking advertising billboards to spread misinformation during the 2024 Paris Olympics.
According to Microsoft, using the moniker Holy Souls on a hacker forum, the actor also offered in early January 2023 to sell personal information of 230,000 subscribers of the French magazine Charlie Hebdo.
Holy Souls asked for 20 bitcoins, worth around $340,000 at the time, and published a sample of the stolen details, which included Charlie Hebdo subscriber names and addresses.
Emennet Pasargad is believed to have provided cybersecurity services for the Iranian government and has a long history of influence campaigns. In November 2021, the U.S. Department of Justice offered a $10 million reward for two Iranian nationals who worked as contractors for the company.
“Those listed today under both regimes are subject to an asset freeze, and EU citizens and companies are forbidden from making funds, financial assets, or economic resources available to them. Natural persons also face a travel ban that prohibits them from entering or transiting through EU territories,” notes the European Council.
Integrity Technology Group was connected by the FBI in 2024 to the ‘Raptor Train’ botnet, believed to be operated by the Chinese state-sponsored threat actor ‘Flax Typhoon.’
In January 2025, the U.S. Treasury Department sanctioned the company for its involvement in these cyberattacks, allowing the Raptor Train to build a massive network of 260,000 infected devices.
In March 2025, the U.S. Justice Department sanctioned Anxun Information Technology (also known as i-Soon) for advertising hacker-for-hire services and carrying out cyberattacks since at least 2011.
In mid-February 2024, i-Soon suffered a data leak that exposed the company’s internal operations as a China-affiliated hacking contractor and its offensive toolkit.
The U.S. authorities also announced rewards of up to $10 million for valid information leading to the location of 10 Anxun Information Technology executives and technical staff members.
The European Union started imposing cyber sanctions in 2019 and, as of today, the restrictions target 19 individuals and seven entities responsible for malicious cyber activities.
Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.
Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.
