EU Targets Firms Over Alleged State‑Linked Cyber Attacks * Science and Technology Times

The European Union has sanctioned three companies from China and Iran for cyber operations targeting member states.
Officials say the firms enabled hacking campaigns and disinformation efforts affecting critical infrastructure and public events.
The measures include asset freezes, travel bans, and restrictions on EU entities providing funds to the listed organizations.

Sanctions Reflect Rising Concerns Over Cyber Threats

The European Union has imposed new sanctions on three companies based in China and Iran, citing their involvement in cyber attacks against EU member states. Officials named Integrity Technology Group and Anxun Information Technology from China, along with the Iranian firm Emennet Pasargad, as entities responsible for activities that threatened European security. According to the EU, these operations targeted government systems, critical infrastructure, and public information channels. The decision underscores the bloc’s growing focus on countering foreign cyber operations that could undermine political stability or public trust.

Integrity Technology Group is accused of enabling large‑scale intrusions affecting more than 65,000 devices across six EU countries. Investigators say the company provided tools or services that facilitated unauthorized access to networks. These incidents reportedly involved a combination of malware deployment and exploitation of system vulnerabilities. EU officials argue that such activity demonstrates a coordinated effort to compromise digital infrastructure on a significant scale.

Chinese Firms Accused of Supporting Hacking Operations

Anxun Information Technology is alleged to have offered hacking services aimed at critical infrastructure within the EU. Authorities claim the company’s operations supported targeted attacks that could disrupt essential services or compromise sensitive data. Two of Anxun’s co‑founders have also been individually sanctioned for their direct involvement in these activities. Their inclusion on the sanctions list indicates that the EU views leadership‑level participation as a key factor in the severity of the response.

The sanctions against these individuals include travel bans preventing entry into EU territory. Their assets within the bloc, if any, will also be frozen. EU companies and citizens are prohibited from making funds or economic resources available to them. These measures are designed to limit the individuals’ ability to operate internationally and to signal the EU’s intent to hold decision‑makers accountable.

Iranian Firm Linked to Disinformation Efforts

The Iranian company Emennet Pasargad is accused of compromising advertising billboards to spread disinformation during the 2024 Paris Olympics. Investigators say the firm manipulated digital signage systems to display misleading or politically charged content. This tactic represents a shift from traditional cyber attacks toward information manipulation in highly visible public spaces. EU officials argue that such actions can influence public perception and disrupt major international events.

Sanctions against Emennet include an asset freeze and restrictions on financial interactions with EU entities. The bloc’s decision reflects concerns about the growing use of cyber tools to influence public opinion. Disinformation campaigns have become a central focus of European cybersecurity policy, particularly when linked to state‑aligned actors. The EU aims to deter similar operations by imposing tangible consequences on organizations involved in such activities.

Broader Implications for International Cyber Policy

These sanctions highlight the EU’s increasingly assertive stance on cybersecurity and foreign interference. Member states have pushed for stronger collective responses to cyber threats, especially those attributed to actors outside the bloc. The measures also align with broader international efforts to establish norms around responsible behavior in cyberspace. By targeting companies and individuals rather than governments directly, the EU seeks to apply pressure without escalating diplomatic tensions unnecessarily.

The move may also influence how companies operating in high‑risk sectors manage their international partnerships. Firms that provide digital services or infrastructure support may face heightened scrutiny regarding their security practices and affiliations. As cyber operations become more sophisticated, governments are likely to expand the use of sanctions as a tool for deterrence. The EU’s latest actions contribute to a growing framework of accountability for cyber‑related misconduct.