EU Sanctions Chinese and Iranian Firms Over Cyberattacks Targeting Member States

What happened

The European Union imposed sanctions on two China-based companies and one Iranian company for conducting cyberattacks against EU member states and partner countries. The sanctions include asset freezes and restrictions, targeting entities accused of involvement in malicious cyber operations. The move is part of the EU’s broader effort to respond to state-linked cyber activity and hold organizations accountable for attacks targeting European infrastructure and institutions. 

Who is affected

The sanctions directly affect the Chinese and Iranian companies named by the EU, while organizations and institutions targeted by the cyberattacks are indirectly impacted. 

Why CISOs should care

The action highlights how governments are increasingly using sanctions as a response mechanism to cyber incidents, signaling continued attribution and enforcement efforts tied to state-linked cyber operations. 

3 practical actions

1. Track sanctioned entities. Monitor updates to sanctions lists that may affect third-party vendors or partners. 
2. Assess exposure to sanctioned organizations. Review supply chains and service providers for potential links to listed entities. 
3. Incorporate geopolitical risk into security planning. Consider how state-linked cyber activity may impact operations and threat models. 

For more coverage of major incidents and threat activity, explore our reporting on Cyberattacks.