The European Union has taken decisive action against certain companies and individuals for their alleged involvement in cyber activities targeting its member nations. On Tuesday, the Council for the European Union announced sanctions on three companies and two individuals, citing their roles in facilitating hacking operations.
Targets of the Sanctions
The sanctions have been levied against two Chinese companies, Integrity Technology Group and Anxun Information Technology, along with two individuals associated with these entities. These companies are accused of providing products and services that support global hacking activities. Integrity Technology Group, previously sanctioned by the US in January 2025, is said to supply infrastructure to the state-backed hacking group Flax Typhoon.
The Council highlighted that Integrity Technology Group has consistently provided threat actors with tools to infiltrate and access devices across EU member states. Between 2022 and 2023, Flax Typhoon reportedly used products from Integrity Technology Group to access over 65,600 Internet of Things devices in six member states.
Background of the Sanctioned Entities
Anxun Information Technology, also referred to as I-Soon, is a private company with ties to China’s Ministry of Public Security. The firm has been implicated in cyber operations aligned with Beijing’s strategic interests. In March 2025, the US filed charges against nearly a dozen employees of I-Soon, followed by UK sanctions against the company in December.
According to the EU, I-Soon has engaged in hacking services targeting critical infrastructure and functions of EU member states and other countries. The company has been accused of offering hacking-for-hire services, selling classified information, and attacking non-member state governments, posing a threat to the EU’s common foreign and security policy.
Additional Sanctions and Impact
The EU has also targeted the Iranian hacking group Emennet Pasargad, known by various aliases including Cotton Sandstorm and Haywire Kitten. This group has ties to Iran’s Islamic Revolutionary Guard Corps Cyber-Electronic Command and was implicated in the 2024 Summer Olympics hack.
Emennet Pasargad has been sanctioned for influence operations targeting the 2020 US presidential election and cyber-attacks against Sweden’s digital infrastructure. The EU accuses the group of compromising a Swedish SMS service, posing significant external threats to member states and third countries.
These sanctions underscore the EU’s commitment to protecting its digital landscape from external cyber threats. By targeting entities involved in cyber operations, the Union aims to safeguard its member states and maintain security on a global scale.
