EU sanctions Chinese and Iranian firms for cyberattacks

EU Sanctions Chinese and Iranian Companies Over Cyber Attacks The European Union has slapped sanctions on three foreign companies, for their roles in hacking critical infrastructure and compromising advertising boards for disinformation.

Korede Akinsanya

3/18/20261 min read

The European Union imposed sanctions on March 16, 2026, against two China-based technology companies—Integrity Technology Group and Anxun Information Technology (also known as i-Soon)—and one Iranian company, Emennet Pasargad, along with two individuals (the co-founders of Anxun). These measures target their alleged roles in malicious cyber activities against EU member states and partners.

The sanctions include:

  • Asset freezes for the entities.

  • Bans on EU citizens and companies providing funds, assets, or economic resources to them.

  • Travel bans (prohibition on entry or transit through EU territory) for the two individuals.

Key Details on the Sanctioned Entities

  • Integrity Technology Group (China-based): Routinely provided products and technical/material support used to compromise and access devices across EU member states, Europe, and globally. Between 2022 and 2023, this enabled hacks of over 65,000 devices in six EU member states.

  • Anxun Information Technology (China-based): Provided hacking services targeting critical infrastructure and vital functions of EU member states and third countries. Its two co-founders (Chinese individuals) were also sanctioned for their direct responsibility and involvement in cyberattacks affecting the EU.

  • Emennet Pasargad (Iran-based):

    • Gained unauthorized access to a French subscriber database (noted in some reports as linked to Charlie Hebdo subscribers) and advertised the data for sale on the dark web.

    • Compromised advertising billboards during the 2024 Paris Olympics to spread disinformation.

    • Compromised a Swedish SMS service, impacting a large number of EU citizens.

These actions fall under the EU's horizontal cyber sanctions regime (established in 2019), which now covers 19 individuals and 7 entities in total. The Council emphasized this as a firm response to persistent malicious cyber activities, while committing to cooperation with international partners for a secure cyberspace.

The official announcement came from the Council of the European Union, with related legal acts published in the EU Official Journal (e.g., Decision (CFSP) 2026/588 and Implementing Regulation (EU) 2026/589).

China has called the sanctions against its companies "unlawful" and unilateral.

This is a strong EU signal on countering state-linked or hack-for-hire cyber threats. Sources: Official EU Council press release, Reuters, Politico, and other reports from mid-March 2026.