🔓 BREACH BRIEF · 🟠 High · 🔍 ThreatIntel

EU Sanctions Chinese and Iranian Firms for State‑Sponsored Cyberattacks Targeting Critical Infrastructure

The European Union has sanctioned three firms and two individuals for operating the Raptor Train botnet, providing hacker‑for‑hire services, and running influence campaigns that compromised over 65 000 devices across six EU states. Third‑party risk managers must verify that no contracts or payments involve these sanctioned entities.

🛡️ LiveThreat™ Intelligence · 📅 March 18, 2026 · 📰 bleepingcomputer.com

Severity: High · Type: ThreatIntel · Confidence: High · Affected: 4 sector(s) · Actions: 4 recommended · Source: bleepingcomputer.com

What Happened — The European Union Council placed sanctions on three companies—Integrity Technology Group, Anxun Information Technology, and Emennet Pasargad—and two individuals (the co‑founders of Anxun). The entities were accused of providing hacking‑as‑a‑service, operating the “Raptor Train” botnet that compromised more than 65 000 devices across six EU member states, and running influence‑campaign operations that hijacked advertising billboards and sold personal data of 230 000 French magazine subscribers.

Why It Matters for TPRM

  • State‑backed threat actors are now explicitly listed as sanctioned parties, creating legal and reputational risk for any third party that engages them.
  • The attacks demonstrate a supply‑chain threat model: compromised devices can be embedded in critical‑infrastructure environments of vendors and their customers.
  • Sanctions trigger asset‑freeze and travel‑ban obligations that may affect contracts, payments, and cross‑border collaborations.

Who Is Affected — Critical‑infrastructure operators, telecom providers, advertising/marketing firms, media publishers, cloud‑service providers, and any organization that sources hardware or software from the sanctioned entities or their affiliates.

Recommended Actions

  • Conduct an immediate review of all contracts and payments to any vendors with ties to China or Iran, especially those providing networking hardware, IoT devices, or managed services.
  • Verify that no assets, funds, or services are being transferred to the listed entities or individuals; update sanctions screening lists accordingly.
  • Enhance monitoring for botnet‑related traffic (e.g., Raptor Train signatures) and for credential‑theft indicators tied to the “Holy Souls” forum.
  • Incorporate the sanction details into your threat‑intel feeds and incident‑response playbooks for supply‑chain compromise.

Technical Notes — The Raptor Train botnet leveraged malware implants to create a 260 000‑device network; Anxun advertised hacker‑for‑hire services via underground forums; Emennet Pasargad conducted influence campaigns through compromised SMS services and billboard hijacking. No specific CVEs were disclosed. Source: BleepingComputer

📰 Original Source
https://www.bleepingcomputer.com/news/security/europe-sanctions-chinese-and-iranian-firms-for-cyberattacks/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.
