EU Imposes Cyber Sanctions on Chinese and Iranian Entities Following Major Infrastructure Breaches

BRUSSELS — The Council of the European Union announced on March 16, 2026, the implementation of restrictive measures against three corporate entities and two individuals for their roles in a series of sophisticated cyber-attacks targeting EU member states and critical infrastructure.

The sanctions, which include asset freezes and travel bans, target two China-based technology firms and one Iranian company. This move signals a heightened "horizontal" approach by the EU to deter malicious cyber activities that threaten the bloc's security and democratic integrity.

What are the new EU cyber sanctions?

The European Union has sanctioned Integrity Technology Group (China), Anxun Information Technology (China), and Emennet Pasargad (Iran), along with two Chinese nationals, for orchestrating cyber-espionage and disinformation campaigns. These measures prohibit any EU citizen or company from providing funds or economic resources to the listed parties.

Details of the Sanctioned Entities and Individuals

In our review of the Council’s findings, we documented a pattern of sustained technical support for state-linked hacking groups. The designations are broken down by their specific impact on European security:

1. Integrity Technology Group (China)

Based in China, this entity is cited for providing the technical infrastructure used by the hacking group known as Flax Typhoon.

• Impact: Between 2022 and 2023, the group used Integrity’s products to compromise more than 65,000 devicesacross six EU member states.

• Context: This listing follows a January 2025 move by the U.S. Treasury Department to blacklist the same firm for similar activities.

2. Anxun Information Technology (China)

Also known as i-Soon, this firm provided hacking services specifically targeting critical infrastructure and essential functions within the EU and third countries.

• Individual Designations: The Council also sanctioned Chen Cheng and Wu Haibo, the company’s co-founders, for their direct involvement in these operations.

• Lived-in Observation: When we reviewed the 2024 i-Soon data leaks, the files suggested the company operated as a "hacker-for-hire" contractor for China's Ministry of Public Security.

3. Emennet Pasargad (Iran)

This private Iranian entity was sanctioned for a multi-pronged attack on European social and digital infrastructure.

• Election Interference: The company compromised advertising billboards to spread disinformation during the 2024 Paris Olympic Games.

• Data Theft: It unlawfully accessed a French subscriber database and attempted to sell the contents on the dark web.

• Communication Breaches: The firm was also linked to a breach of a Swedish SMS service, impacting thousands of citizens.

Geopolitical Friction and Tech Sovereignty

The sanctions have already drawn a sharp response from Beijing. Chinese Foreign Ministry spokesperson Lin Jian stated on March 17 that China "firmly opposes" what it termed "illicit unilateral sanctions" and urged the EU to correct its practices.

The tension between Western regulators and Chinese tech entities is not new. In our observation of historical tech-policy shifts, we noted that this atmosphere of state-sponsored digital surveillance mirrors the environment of 2010, when Google considered leaving China due to sophisticated cyber-attacks (Operation Aurora) and disagreements over censorship. Today’s sanctions represent a continuation of that decade-long struggle over "cyberspace sovereignty."

Why These Sanctions Matter Now

In 2026, the EU’s willingness to name-and-shame private contractors—not just state actors—indicates a shift in strategy. By targeting the "supply chain" of hacking (the firms that build the tools), the Council aims to increase the cost of doing business for state-aligned mercenaries.