EU Sanctions Chinese and Iranian Actors for Cyberattacks on Critical Infrastructure Affecting 65,000 Devices
What Happened — The European Council imposed sanctions on three companies and two individuals from China and Iran for operating APT‑style campaigns that compromised more than 65,000 devices across six EU member states between 2022 and 2023. The measures include asset freezes and travel bans.
Why It Matters for TPRM —
- State‑linked threat actors are leveraging third‑party service providers to gain persistent access to critical‑infrastructure networks.
- Sanctioned entities may still be embedded in supply chains, exposing partners to legal, reputational, and operational risk.
- Ongoing geopolitical pressure raises the likelihood of further disruptive cyber operations against EU‑based services.
Who Is Affected — Energy & utilities, telecommunications, transportation, and government agencies that rely on the compromised devices or services.
Recommended Actions —
- Update sanctions screening lists and block any transactions with the listed entities.
- Conduct a rapid inventory of any third‑party services that may have used Integrity Technology Group, Anxun Information Technology, or Emennet Pasargad.
- Review incident‑response playbooks for APT‑style intrusion detection and containment.
Technical Notes — The attacks were carried out through the infrastructure of Integrity Technology Group, hacker‑for‑hire services from Anxun Information Technology, and data‑exfiltration/disinformation operations by Emennet Pasargad. No specific CVE was disclosed; the vector relied on compromised supply‑chain assets and credential abuse.
Source: Security Affairs