EU imposes sanctions on Chinese and Iranian entities for cyber attacks on critical infrastructure

The European Union has taken a visible step in the collective response to digital threats: the Council of the European Union imposed sanctions on three companies and two people for their involvement in cyberattacks against devices and critical infrastructure. These measures are not merely symbolic: they seek to cut off resources, establish accountability and send a message about the political and economic cost of cyber operations that affect citizens and essential services.

Among the sanctioned entities are two companies linked to China - Integrity Technology Group and Anxun Information Technology (also known as i-Soon) - and an Iranian firm, Emennet Pasargad. The allegations range from providing the technical capacity to operate networks of infected devices to the recruitment of "hackers-for-hire" and influence campaigns that have affected third countries. According to the Council, Integrity Technology Group provided "technical and material support" in 2022 and 2023 that facilitated the infection of tens of thousands of devices in several Member States; for its part, Anxun allegedly offered intrusion services directed against critical functions of governments and companies, and two of its co-founders are now also on the list of sanctioned individuals.

The Iranian case is not minor: Emennet Pasargad has been linked to multiple disinformation campaigns, the removal of data from an SMS provider in Sweden and, according to reports, even the hijacking of digital advertising billboards to spread messages during the Paris 2024 Olympic Games. Researchers and security companies have associated actors operating under pseudonyms with the offer and sale of stolen databases - such as the publication of a sample of subscribers to Charlie Hebdo magazine - and with cybersecurity services offered to the Iranian State. For details on one of these operations and the actor who used the alias "Holy Souls," see the analysis published by Microsoft.

The sanctions that the EU has applied involve an asset freeze and a prohibition on citizens and businesses in the Union making funds, goods or economic resources available to those listed. In addition, the natural persons included in the measures face a ban on entry into and transit through Community territory. The EU has used these tools since 2019 against actors carrying out malicious cyber activities; the Council maintains a chronology of these measures and their regulatory developments that helps to place these actions within a broader framework of foreign policy and digital security (see chronology).

Behind the commercial names are technical and operational stories that explain why the authorities have decided to impose sanctions now. Integrity Technology Group has been associated, according to security investigations and international authorities, with a large botnet capable of coordinating thousands - and even hundreds of thousands - of compromised devices, a classic tool for espionage, mass data collection or denial-of-service attacks. In parallel, Anxun / i-Soon was exposed by a leak in 2024 that revealed internal documentation about its activities as an offensive contractor, which reinforced the charges about its role in operations sustained over more than a decade; the analysis of the leak can be found in the SentinelOne report.

At the international level, the responses are not limited to the EU. A number of agencies and governments - particularly in the United States - have previously sanctioned some of these entities and have offered rewards for information to locate those responsible. This combination of financial, law-enforcement and intelligence measures aims to weaken the operational capacities of these organizations and complicate their activity in the global market for cyber services.

Why do these sanctions matter to a citizen or a company? Because threats are no longer just isolated incidents: when a network of devices is controlled from outside or when a company sells services to attack critical infrastructure, the consequences can reach public services, supply chains and the privacy of tens of thousands of people. The freezing of assets and trade bans complicate the financing and logistics of these groups, and the restrictions on the movement of those responsible hamper their mobility and the legitimacy with which they operate internationally.

Such decisions also reflect a paradigm shift: sanctions have become a foreign policy tool for managing digital risks, along with technical cooperation among States and diplomatic pressure. However, their effectiveness depends on transnational coordination, the ability to accurately identify responsible actors and to complement measures with technical defences, intelligence exchange and resilience in critical sectors.

In daily practice, companies must continue to strengthen their defenses: network segmentation, regular patching, monitoring and rapid response to intrusions are more necessary than ever. Policy makers, for their part, will have to balance sanctions, international cooperation and domestic measures to protect key infrastructure without punitive action having side effects on legitimate trade.

The Council's action is, in the end, a public reminder that conflicts in cyberspace already have specific economic and diplomatic consequences. For those who want to read the Council's official note on these sanctions, the full text is available from the European Council, which details the legal basis and scope of the measures imposed.

We live in an environment where physical borders are becoming less important for attackers and where the collective response - sanctions, criminal prosecution and technical hardening - will be key to maintaining the security of services and infrastructure that we take for granted. Today's news shows that this response is becoming more common and more coordinated, but it also reminds us that the threat evolves at the same speed as the technologies we depend on to live and work.
