EU Sanctions Companies in China, Iran for Cyberattacks

THREAT INTELLIGENCE CYBERATTACKS & DATA BREACHES CYBERSECURITY OPERATIONS CYBER RISK NEWS Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa and the Asia Pacific EU Sanctions Companies in China, Iran for Cyberattacks Already sanctioned in the US and the UK, these rulings prohibit companies and a couple of principals from entering or doing business in the European Union. Nate Nelson,Contributing Writer March 19, 2026 4 Min Read SOURCE: WIRESTOCK, INC. VIA ALAMY STOCK PHOTO The European Council has imposed sanctions on three ostensibly private companies — two in China, one in Iran — for aiding and carrying out cyberattacks in European countries. One of the two companies based in China, called Integrity Technology Group, is a mid-size publicly traded corporation. It was found to have regularly provided products that hackers used to compromise devices in Europe, not to mention the rest of the world. The European Council linked it to 65,000 compromised devices across six European Union (EU) countries between 2022 and 2023 alone. The most notorious of the bunch, though, is Anxun Information Technology, better known to the West as "iSoon." ISoon is a hack-for-hire operation that has worked on behalf of China's government and military, though it purports to be a cybersecurity training company. In addition to the company itself, iSoon's two founders have also been sanctioned as individuals. Related:SideWinder Espionage Campaign Expands Across Southeast Asia The Iranian company, transliterated as "Emennet Pasargad," is being punished for hacking a Swedish SMS service, performing a data leak attack against a French organization, and for spreading disinformation via advertising billboards during the 2024 Paris Olympic Games. All three companies have already been sanctioned by the governments in the US and UK. Now that they're sanctioned in Europe, they will no longer be able to do business in the EU, any assets they possess in the EU will be frozen, and those two co-founders will no longer be allowed to travel to any EU countries. Why Countries Use Companies to Conduct Cyberattacks If public reports are a guide, China and Iran weaponize private sector companies to support state-level cyber operations quite liberally; but they're far from the only countries that do it. Russia, Israel, and even the US have been known to cross that same line. "This is common," says Adam Meyers, head of counter adversary operations at CrowdStrike. "They're all kind of doing the same thing, where they're effectively supporting the need for technical capabilities, infrastructure development capabilities, exploit development, planning, etc., for the military units in those countries" through corporations. In China, Meyers says, the People's Liberation Army (PLA) has maintained close connections in the private sector and academia since the 1990s. By contrast, "Iran had a different path to get there. I think Stuxnet was a watershed moment, where they realized, 'Oh, wow, you could do all this stuff with cyber, and there's asymmetric capabilities.' And when that happened, we started seeing that folks were dropping their hacker names and building professional portfolios on LinkedIn." They started to build companies, they did the training, and were effectively meeting the demand for cyber capabilities at the Ministry of Intelligence and Security (MOIS) and Islamic Revolutionary Guard Corps (IRGC), Meyers adds. Related:China-Nexus Hackers Skulk in Southeast Asian Military Orgs for Years One obvious benefit of running cyberattacks through quasi-private institutions, for a nation-state, is that it affords some degree of plausible deniability. That's especially true when those institutions are more than just thin shell companies. "Ultimately, having a legitimate commercial offering strengthens an organization's cover and makes it more challenging for law enforcement to discern legitimate work from malicious behavior," says Crystal Morin, senior cybersecurity strategist at Sysdig.  There are a wealth of other resources, too, that are more freely available to companies than states, particularly widely maligned states. "Existing as a 'company' makes it easier to recruit talent, who may or may not be privy to the backroom activities that go beyond the scope of their day-to-day responsibilities. Infrastructure and tools can be purchased through the global supply chain under the guise of normal business operations, with legitimate tax IDs and credentials, which might otherwise be cut off when sanctioned," Morin notes. "A privatized workforce can also operate with fewer bureaucratic constraints than government entities."  Related:INC Ransomware Group Holds Healthcare Hostage in Oceania Do Sanctions Work? In a way, this week's sanctions were years in the making. Back in the mid-2010s, Europe suffered repeated, world-historic cyberattacks: Wannacry, NotPetya, election interference campaigns, and power grid shutdowns, to name a few. In response, the European Council in June 2017 created a "Cyber Diplomacy Toolbox," a general outline of what levers it could pull to rein in these attacks. Sanctions were the sharpest of those levers, and in May 2019 the council formalized how those sanctions would work in practice. It has since applied those sanctions against seven entities and 19 individuals. For some of those entities, sanctions carry a real, serious cost. Integrity Technology Group, for instance, is publicly traded on the Shanghai Stock Exchange, with tens of millions of dollars in annual revenue and around 500 employees. For them, Morin says, "legitimate businesses, partners, and customers will cut ties to avoid regulatory reprimand. That quickly limits the organization's access to funding, infrastructure, and global supply chain markets. While sanctions do not disrupt nefarious operations, they reduce funding and the ability to operate in the open, and impact the reputation of the company and the individuals who work for it." For fake companies like iSoon, though, the sanctions don't make quite the same impact. "Does it have a material impact on their ability to do business? Probably not," Meyers admits. "Are the founders going to be going to Disneyland for vacation? Probably not." Read more about: DR Global Asia Pacific About the Author Nate Nelson Contributing Writer Nate Nelson is a journalist and scriptwriter. He writes for "Darknet Diaries" — the most popular podcast in cybersecurity — and co-created the former Top 20 tech podcast "Malicious Life." Before joining Dark Reading, he was a reporter at Threatpost. More Insights Industry Reports Frost Radar™: Non-human Identity Solutions 2026 CISO AI Risk Report The ROI of AI in Security Cybersecurity Forecast 2026 ThreatLabz 2025 Ransomware Report Access More Research Webinars Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Securing Remote and Hybrid Work Forecast: Beyond the VPN AI-Powered Threat Detection: Beyond Traditional Security Models More Webinars You May Also Like THREAT INTELLIGENCE Red Hat Hackers Team Up With Scattered Lapsus$ Hunters by Rob Wright OCT 08, 2025 THREAT INTELLIGENCE 45 New Domains Linked to Salt Typhoon, UNC4841 by Elizabeth Montalbano, Contributing Writer SEP 08, 2025 CYBERATTACKS & DATA BREACHES DeepSeek Breach Opens Floodgates to Dark Web by Emma Zaballos APR 22, 2025 THREAT INTELLIGENCE Chinese APTs Exploit EDR 'Visibility Gap' for Cyber Espionage by Becky Bracken, Senior Editor, Dark Reading APR 14, 2025 Editor's Choice CYBERSECURITY OPERATIONS Why Stryker's Outage Is a Disaster Recovery Wake-Up Call byJai Vijayan MAR 12, 2026 5 MIN READ CYBER RISK What Orgs Can Learn From Olympics, World Cup IR Plans byTara Seals MAR 12, 2026 THREAT INTELLIGENCE Commercial Spyware Opponents Fear US Policy Shifting byRob Wright MAR 12, 2026 9 MIN READ Want more Dark Reading stories in your Google search results? 2026 Security Trends & Outlooks THREAT INTELLIGENCE Cybersecurity Predictions for 2026: Navigating the Future of Digital Threats JAN 2, 2026 CYBER RISK Navigating Privacy and Cybersecurity Laws in 2026 Will Prove Difficult JAN 12, 2026 ENDPOINT SECURITY CISOs Face a Tighter Insurance Market in 2026 JAN 5, 2026 THREAT INTELLIGENCE 2026: The Year Agentic AI Becomes the Attack-Surface Poster Child JAN 30, 2026 Download the Collection Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. SUBSCRIBE Webinars Building a Robust SOC in a Post-AI World THURS, MARCH 19, 2026 AT 1PM EST Retail Security: Protecting Customer Data and Payment Systems THURS, APRIL 2, 2026 AT 1PM EST Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need WED, APRIL 1, 2026 AT 1PM EST Securing Remote and Hybrid Work Forecast: Beyond the VPN TUES, MARCH 10, 2026 AT 1PM EST AI-Powered Threat Detection: Beyond Traditional Security Models WED, MARCH 25, 2026 AT 1PM EST More Webinars White Papers Autonomous Pentesting at Machine Speed, Without False Positives Fixing Organizations' Identity Security Posture Best practices for incident response planning Industry Report: AI, SOC, and Modernizing Cybersecurity The Threat Prevention Buyer's Guide: Find the best AI-driven threat protection solution to stop file-based attacks. Explore More White Papers GISEC GLOBAL 2026 GISEC GLOBAL is the most influential and the largest cybersecurity gathering in the Middle East & Africa, uniting global CISOs, government leaders, technology buyers, and ethical hackers for three power-packed days of innovation, strategy, and live cyber drills. 📌 BOOK YOUR SPACE