Why Has the EU Sanctioned Firms from China and Iran?

EU sanctions firms from Iran and China over cyber attacks against EU nations
As attacks against critical infrastructure mount, the EU has imposed sanctions on three firms & two people involved in cyber attacks against member states

When geopolitics is volatile, state-backed cyber activity picks up.

In response to these advancing threats, the European Union has rained down sanctions on three companies and two individuals involved in cyberattacks against EU member states and its partners. 

The blacklisted entities and individuals will now be subject to asset freezes and travel bans across EU territories. 

Chinese companies linked to widespread cyber-attacks

Two China-based companies are among those sanctioned – Integrity Technology Group and Anxun Information Technology. These two companies were previously sanctioned by the UK.

Integrity Technology Group, the EU says, “has routinely provided products used to compromise and access devices in EU member states, across Europe and worldwide”.

The hacking of more than 65,000 devices across six member states was facilitated by its tools and support within just a year. Its activities are linked to those of the Chinese state hacking group dubbed Flax Typhoon.

UK Foreign Secretary Yvette Cooper | Credit: UK Parliament

The EU says Anxun Information Technology, aka i-Soon, has been involved in cyber-attacks targeting critical infrastructure in EU countries and third-party states.

The company is accused of targeting more than 80 government and private sector systems worldwide while supporting other threat actors in carrying out malicious cyber activity.

The two individuals sanctioned by the EU are co-founders of Anxun, and “were responsible for and involved in cyber-attacks affecting EU member states”.

UK Foreign Secretary Yvette Cooper had previously described the sanctioned companies as undertaking “vast and indiscriminate cyber activities against the UK and its allies”.

According to a report by the Economic Times, Beijing criticised the EU’s move, with a foreign ministry spokesperson describing the sanctions as illegitimate and calling on the bloc to reverse its approach.

Iranian firm targets French and Swedish systems

Iranian company Emennet Pasargad was among the sanctioned entities. 

Not only did the company gain unauthorised access to a French subscriber database, it also offered stolen content for sale on the dark web. 

A Politico report identifies the magazine in question as Charlie Hebdo, saying: “Microsoft in 2023 pinned the data theft on Emennet Pasargad, which happened after the magazine published cartoons mocking then-Iranian Supreme Leader Ali Khamenei.”


Emennet Pasargad was also implicated in compromising advertising billboards to spread disinformation during the 2024 Paris Olympic Games.

A Swedish SMS service also fell to the sword of the firm, which caused a major disruption affecting numerous EU citizens. 

The Council emphasised that this decision reaffirms the EU’s commitment to a free, stable and secure cyberspace, while reinforcing cooperation with international partners to counter persistent cyber threats. 

EU citizens and companies are prohibited from providing any funds or resources to those sanctioned.

Global critical infrastructure prime attack targets 

Countries are modernising their infrastructure with digital elements. While this improves performance and monitoring in these critical systems, it opens new doors for bad actors to mount potent attacks. 

Nation-state actors respond to geopolitical causes | Credit: Claroty

Recent research from Claroty shows that cyber-physical systems (CPS) are becoming a preferred target of opportunistic threat actors, who are often politically and socially motivated by geopolitical events.

The study reveals that 82% of attacks against CPS involve the use of virtual network computing (VNC) protocol clients to remotely access exposed and internet-facing assets.

The compromise of human machine interfaces (HMI) or supervisory control and data acquisition (SCADA) systems that control industrial processes was involved in 66% of incidents.

Amir Preminger, CTO and head of Team82 at Claroty

“Our research reveals a major escalation in how malicious actors are infiltrating the operational systems that underpin society’s daily operations,” says Amir Preminger, CTO and head of Team82 at Claroty. 

“Attackers are using relatively low-tech means to target critical sectors – from manufacturing, to water and waste, to power generation, to healthcare – industries whose disruption would lead to dire, if not dangerous consequences.

“Based on what’s uncovered in the research there’s a clear need to bolster security efforts for CPS and organisations can no longer tolerate lax cybersecurity practices around these devices.”
