EU Sanctions Chinese, Iranian Firms Supporting Hacking Operations
The EU Council announced sanctions against Chinese companies Integrity Technology Group and Anxun Information Technology (I-Soon), two Chinese individuals, and Iranian group Emennet Pasargad (Cotton Sandstorm) for their roles in hacking operations targeting EU member states. Integrity Tech supplied infrastructure to state-sponsored group Flax Typhoon, which compromised over 65,600 IoT devices across six EU states, while I-Soon provided hacking-for-hire services against critical infrastructure. Emennet Pasargad, linked to Iran's IRGC-CEC, was sanctioned for cyberattacks on Swedish digital infrastructure and influence operations.
Summary
The EU Council announced sanctions against Chinese companies Integrity Technology Group and Anxun Information Technology (I-Soon), two Chinese individuals, and Iranian group Emennet Pasargad (Cotton Sandstorm) for their roles in hacking operations targeting EU member states. Integrity Tech supplied infrastructure to state-sponsored group Flax Typhoon, which compromised over 65,600 IoT devices across six EU states, while I-Soon provided hacking-for-hire services against critical infrastructure. Emennet Pasargad, linked to Iran's IRGC-CEC, was sanctioned for cyberattacks on Swedish digital infrastructure and influence operations.
Full text
The Council for the European Union on Tuesday announced sanctions against three companies and two individuals for their alleged roles in hacking activities targeting EU member states. The sanctions target two Chinese companies, namely Integrity Technology Group and Anxun Information Technology, which are believed to provide products and services supporting hacking activities globally, as well as two associated Chinese individuals. Integrity Technology Group (Integrity Tech) is a Chinese company sanctioned by the US in January 2025 for supplying the state-sponsored hacking group Flax Typhoon with infrastructure used in cyberattacks against multiple victims. According to the Council, Integrity Tech has routinely provided threat actors with products used to “compromise and access devices in EU member states”. “Between 2022 and 2023, Flax Typhoon accessed at least 65 600 Internet of Things devices in six member states by using Integrity Technology Group’s products,” the EU says. Anxun Information Technology, also known as I-Soon, is a private company linked to the Ministry of Public Security, China’s top policing agency, and was previously said to have been involved in cyber operations aligned with Beijing’s interests.Advertisement. Scroll to continue reading. In March 2025, the US announced charges against close to a dozen I-Soon employees, and the UK announced sanctions against the company in December. Now, the EU says that I-Soon has provided “hacking services aimed at the critical infrastructure and critical functions of member states and third countries”. According to the Union, the company has offered hacking-for-hire services, accessed and sold classified information, and has attacked governments of non-member states, “posing a threat to the common foreign and security policy (CFSP) objectives of the Union”. The Council also named Chen Cheng and Wu Haibo as two of the general managers of I-Soon and the legal representatives of a specific branch of the company. Additionally, the EU sanctioned Emennet Pasargad, the Iranian hacking group also known as Cotton Sandstorm, Marnanbridge, and Haywire Kitten, which has been linked to Iran’s Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC). The group was blamed for the 2024 Summer Olympics hack and sanctioned for influence operations targeting the 2020 US presidential election. Last year, the US announced $10 million bounties for the group’s leader and for a long-time employee of its front company. The EU says that Emennet Pasargad is responsible for cyberattacks against Sweden’s digital infrastructure and for compromising a Swedish SMS service. “Emennet Pasargad is therefore responsible for cyber-attacks with a significant effect which constitute an external threat to member states and for cyber-attacks with a significant effect against a third state,” the EU notes. Related: US Sanctions Russian Exploit Broker Operation Zero Related: UK Sanctions Russian and Chinese Firms Suspected of Being ‘Malign Actors’ in Information Warfare Related: Australia Sanctions Hackers Supporting North Korea’s Weapons Program Related: US Sanctions North Korean Bankers Accused of Laundering Stolen Cryptocurrency Written By Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. More from Ionut Arghire Robotic Surgery Giant Intuitive Discloses Cyberattack174 Vulnerabilities Targeted by RondoDox BotnetTracebit Raises $20M for Cloud-Native Deception TechnologyCISA Flags Year-Old Wing FTP Vulnerability as ExploitedSecurity Firm Executive Targeted in Sophisticated Phishing AttackChina-Linked Hackers Hit Asian Militaries in Patient Espionage OperationThreat Actor Targeting VPN Users in New Credential Theft CampaignForceMemo: Python Repositories Compromised in GlassWorm Aftermath Latest News Virtual Summit Today: Supply Chain & Third-Party Risk SummitShadow AI Risk: How SaaS Apps Are Quietly Enabling Massive BreachesManifold Raises $8 Million for AI Detection and ResponseIranian Hackers Likely Used Malware-Stolen Credentials in Stryker BreachApple Debuts Background Security Improvements With Fresh WebKit PatchesResearcher Discovers 4th WhatsApp View Once Bypass; Meta Won’t PatchTech Giants Invest $12.5 Million in Open Source SecurityUK Companies House Exposed Details of Millions of Firms Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Securing Fragile OT in an Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Virtual Event: Supply Chain Security and Third-Party Risk Summit March 18, 2026 Join the event where top security experts unpack the biggest software supply chain risks. Register People on the MoveNudge Security has appointed Patrick Dillon as Chief Revenue Officer.Arctic Wolf has named Will May as its Chief Revenue Officer.Palo Alto Networks has named Danielle Gonzalez as its new Chief People Officer.More People On The MoveExpert Insights The Human IOC: Why Security Professionals Struggle with Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) How to 10x Your Vulnerability Management Program in the Agentic Era The evolution of vulnerability management in the agentic era is characterized by continuous telemetry, contextual prioritization and the ultimate goal of agentic remediation. (Nadir Izrael) SIM Swaps Expose a Critical Flaw in Identity Security SIM swap attacks exploit misplaced trust in phone numbers and human processes to bypass authentication controls and seize high-value accounts. (Torsten George) Four Risks Boards Cannot Treat as Background Noise The goal isn’t about preventing every attack but about keeping the business running when attacks succeed. (Steve Durbin) How to Eliminate the Technical Debt of Insecure AI-Assisted Software Development Developers must view AI as a collaborator to be closely monitored, rather than an autonomous entity to be unleashed. Without such a mindset, crippling tech debt is inevitable. (Matias Madou) Flipboard Reddit Whatsapp Whatsapp Email
Indicators of Compromise
- malware — Flax Typhoon
- malware — Emennet Pasargad
- mitre_attack — T1190