The European Union imposed sanctions on 16 March 2026 against two Chinese firms and one Iranian company for cyber-attack activities targeting EU member states. The move marks a forceful attempt to disrupt networks of state-sponsored hackers that have operated with impunity across Europe and beyond.
The Council of the European Union sanctioned Emennet Pasargad, a Tehran-based company responsible for a variety of high-profile cyberattacks on Western organisations. The Iranian firm's track record reads as a catalogue of political interference and corporate espionage. The FBI previously tied the group to interference efforts against the 2020 US election, which included running spoofed media sites spreading anti-American propaganda designed to provoke voters into heated exchanges about the candidates and undermine confidence in election security. Years later, Brussels identified additional targets: Emennet Pasargad compromised a Swedish company's SMS service after activists burned Qurans during a 2023 protest, and sent around 15,000 messages warning that they would face retaliation.
The Iranian company's reach extended to France as well. Emennet Pasargad unlawfully gained access to a French subscriber database and advertised its contents for sale on the dark web. The company also demonstrated a taste for manipulating public events. They compromised advertising billboards to spread disinformation during the 2024 Paris Olympic Games. These are not the actions of crude cybercriminals, but rather the calculated operations of a state-directed outfit.
Beijing's entities tell a different story. Integrity Technology Group was found to have enabled hacks of over 65,000 devices across six member states. Between 2022 and 2023, more than 65,000 devices were hacked across six member states through technical and material support linked to the company. The second Chinese target, Anxun Information Technology, carried even greater ambition. Anxun Information Technology has provided hacking services aimed at the critical infrastructure and critical functions of member states and third countries.
The response from Beijing was swift and defensive. China's foreign ministry spokesman said the country firmly opposes the EU's "unlawful, unilateral sanctions" against Chinese entities and urged the EU to "rectify its erroneous practices." This rhetorical flourish glosses over the substantive allegations. The question Beijing refuses to address is straightforward: if these companies are not engaged in state-directed cyber operations, why are their executives central to networks targeting critical European infrastructure?
The sanctions regime itself carries real teeth. Those listed are subject to an asset freeze, and EU citizens and companies are forbidden from making funds, financial assets or economic resources available to them. Individuals face travel bans within the Union. With today's listings the EU horizontal cyber sanctions regime now applies to 19 individuals and 7 entities.
What remains unclear is whether economic penalties alone will deter state-directed hacking operations. The US Treasury sanctioned Integrity Technology in January 2025 without apparent effect. The firm's ties to the Chinese state run deep; it is not simply a rogue actor operating against government wishes. The EU sanctions reflect intensified coordination among Western governments to combat cyber-enabled threats by targeting both Chinese and Iranian cyber actors. Whether that coordination translates into genuine operational disruption, or merely signals disapproval, will become apparent only when these networks resume operations under new cover identities.