With the latest China and Iran cyber sanctions dominating global headlines, the European Union has taken decisive action against state-linked actors from both nations. On March 16, 2026, the Council of the European Union imposed restrictive measures—including asset freezes and travel bans—on three companies and two individuals for their roles in cyberattacks targeting EU member states, critical infrastructure, and devices worldwide.

The sanctioned entities include:

  • Integrity Technology Group (China): This company provided technical and material support that enabled the compromise of more than 65,000 devices across six EU member states between 2022 and 2023. It has been linked to the “Raptor Train” botnet operations associated with the Chinese state-sponsored group Flax Typhoon, which has infected hundreds of thousands of devices globally.
  • Anxun Information Technology (also known as i-Soon, China): Accused of offering “hacker-for-hire” services since at least 2011, targeting critical infrastructure and key functions in EU countries and beyond. Two of its co-founders were personally sanctioned for direct involvement in attacks on EU member states. The firm gained notoriety following a major data leak in 2024 that exposed its tools and operations, and it was previously sanctioned by the U.S. in 2025.
  • Emennet Pasargad (Iran): This entity has been tied to multiple influence operations, including compromising an SMS service in Sweden, hijacking advertising billboards during the 2024 Paris Olympics to spread misinformation, and attempting to sell personal data from 230,000 Charlie Hebdo subscribers on the dark web in early 2023 (demanding around 20 bitcoins, equivalent to roughly $340,000 at the time). It provides cybersecurity services to the Iranian government and has a history of state-supported cyber and influence activities.

These China and Iran cyber sanctions highlight a pattern of state-affiliated cyber operations from both nations. While the report does not explicitly state direct collaboration between Chinese and Iranian entities in joint operations, the simultaneous targeting of Western interests—through botnets, hacking-as-a-service, influence campaigns, and data theft—raises serious questions about whether these activities are converging in impact, if not in formal alliances. Nation-state actors and their proxies increasingly operate in ways that amplify global cyber risks, from mass device compromise to disinformation and infrastructure disruption.

The EU’s cyber sanctions regime, in place since 2019, now covers 19 individuals and seven entities, underscoring the growing threat from foreign adversaries. As the European Council stated, those listed face asset freezes, prohibitions on providing funds or resources, and travel restrictions within the EU.

What China and Iran Cyber Sanctions Mean for Your Organization

These developments serve as a stark reminder that cyber threats are not abstract: they are actively evolving and often backed by sophisticated state support. Against the backdrop of these China and Iran cyber sanctions, ransomware, nation-state intrusions, credential theft, and supply-chain compromises remain top vectors, exploiting the same vulnerabilities time and again.

This is precisely why initiatives like the FBI’s Operation Winter SHIELD—launched in February 2026—are so timely. In our recent article on Operation Winter Shield, we detailed the FBI’s blueprint of 10 essential actions to build layered cyber resilience. These steps, drawn from real investigations into ransomware and nation-state attacks, directly counter the kinds of threats highlighted in the EU sanctions:

  • Adopting phish-resistant authentication to block initial access
  • Implementing rigorous vulnerability management and retiring end-of-life tech
  • Protecting logs, maintaining immutable backups, and reducing admin privileges to limit damage
  • Exercising incident response plans to ensure quick recovery

At Black Belt Secure, we help organizations put these actions into practice through our vCISO consulting, MSSP continuous monitoring, and Jutsu advanced threat hunting services. Whether you’re facing risks from botnet-driven compromises like those tied to Chinese actors or influence operations akin to Iranian efforts, layered defense starts with closing the gaps these adversaries exploit.

If recent headlines like this EU action have you reassessing your defenses, we invite you to contact us for a complimentary resilience assessment aligned with Operation Winter Shield recommendations.

Don’t wait for the next attack — Defend Today, Thrive Tomorrow.