Finance & Banking,
Geo-Specific,
Industry Specific
Chinese Hacking Firm iSoon and Iran’s Emennet Pasargad Among Targets
The European Union has recently sanctioned three hacking operations based in China and Iran, entities that have been under U.S. indictments or sanctions for significant periods—some for over a year, with one instance dating back to 2019. This action taken by the EU underscores a growing concern regarding cyber threats targeting its member states and partners.
On Monday, the sanctions were applied by the Council of the EU, which represents the national governments of the bloc’s member states. Key among the targeted operations are China’s Integrity Technology Group and Anxun Information Technology Co., also known as iSoon. The EU also sanctioned Iran’s Emennet Pasargad, which is recognized under alternative names such as the Anzu Team or Holy Souls. Furthermore, significant figures within Anxun, including CEO Wu Haibo and COO Chen Cheng, were included on the sanctions list as well.
The Council proclaimed, “Today’s decision confirms the EU and its member states’ willingness to provide a strong and sustained response to persistent malicious cyber activities targeting the EU, its member states, and partners.” By issuing these sanctions, the Council reaffirmed its commitment to fostering an open, free, stable, and secure cyberspace through continued international cooperation.
The newly issued sanctions serve to freeze the assets of the designated entities and prohibit EU citizens and businesses from engaging financially or commercially with those listed. The leaders of Anxun, Wu and Chen, now also face travel bans prohibiting them from entering or transiting through Europe.
In a response from the Chinese side, Lin Jian, a spokesperson for China’s foreign affairs ministry, condemned the sanctions as “unlawful and unilateral,” urging the EU to rectify its erroneous practices. The sentiment reflects a broader narrative of rising tensions between China and the EU regarding issues of cyber activities.
While sanctions targeting cyber actors can often be seen as symbolic rather than truly disruptive, the timing of the EU’s response raises questions. Among the most notable sanctions from the European standpoint are those against Emennet Pasargad, a Tehran-based entity that made headlines in 2023 after it stole and publicly displayed the subscriber database of the French satirical magazine Charlie Hebdo. This magazine had previously faced a tragic and widely covered extremist attack in 2015.
In that troubling incident, Microsoft reported that sensitive data pertaining to over 200,000 subscribers had been compromised. The tech giant labeled the hacking group involved, dubbing them Neptunium, as an “Iranian nation-state actor,” with the attack likely a retaliation against a Charlie Hebdo contest that mockingly portrayed the deceased Iranian Supreme Leader, Ali Khamenei.
The EU Council’s sanctions documents further detail numerous acts of sabotage linked to Emennet Pasargad, including incidents such as the hijacking of advertising screens during the 2024 Paris Olympic Games to disseminate propaganda and the compromise of a Swedish SMS service. This last incident is believed to be tied to a 2023 event where the attackers sent messages to numerous Swedish citizens calling for retribution against those involved in burning the Koran, corroborated by an FBI advisory on the group.
Moreover, the group has been implicated in attempts to influence the 2020 U.S. elections, wherein they reportedly obtained confidential voter information to send threatening emails masquerading as far-right extremists. These revelations culminated in indictments for two of their contracted hackers in 2021, and the U.S. Treasury had sanctioned the group two years earlier. Nevertheless, Emennet Pasargad seems to persist in its operations, having been linked in 2022 to a ransomware campaign allegedly under the auspices of Iran’s Islamic Revolutionary Guard Corps.
Meanwhile, Integrity Technology Group has been featured in the sanctions list for its facilitation of cyberattacks associated with the hacking activities known as Flax Typhoon. This activity is reportedly tied to leaked code from the infamous Mirai botnet and has been active since at least 2021. The EU Council claims that between 2022 and 2023, Flax Typhoon managed to access at least 65,600 devices connected to the internet of things across six member states in Europe utilizing technology provided by Integrity Tech.
Despite the harsh measures taken by the EU, critics point out that the sanctions come a bit late, considering the U.S. had already blacklisted Integrity in January 2025 and placed iSoon’s founders Chen and Wu on indictments for several high-profile attacks against various institutions, including the New York State Assembly and the Department of Commerce, earlier in March 2025. Moreover, the iSoon company reportedly suffered a leak in 2024 that unveiled ties between its operations and China’s Ministry of Public Security, raising questions about the efficacy of such sanctions.
Stefan Soesanto, a former cyber defense lead at ETH Zurich’s Center for Security Studies, expressed skepticism about the EU’s timing, noting in a post that it is puzzling why sanctions were imposed two years after the leak was revealed. Overall, the EU has imposed cyber sanctions on a total of 19 individuals and seven entities since establishing the framework for these measures in 2019.
Britain has also adopted similar sanctions, targeting Integrity Tech and iSoon in December 2025 due to their “reckless and indiscriminate cyberattacks.” The UK’s National Cyber Security Center remarked on the high likelihood that these companies supported activities from the Chinese state. Since implementing its own sanctions framework, the UK has placed sanctions on 82 individuals and 13 organizations.
In a notable development, British law firm Mishcon de Reya highlighted ongoing investigations into potential breaches of the UK’s cyber sanctions regime, a trend that reflects a significant advancement in enforcement capabilities, suggesting a transition from theoretical frameworks to practical application of cyber sanctions.
This growing attention to sanction mechanisms from Western nations points toward an intentional push to address and deter malicious cyber activities. Policymakers have long advocated for such measures, but the recent uptick in investigations signifies a noteworthy point in the narrative of cyber law enforcement and international relations.