EU sanctions Chinese company behind 65,000-device hack

The EU Council has sanctioned companies from China and Iran, along with two individuals, over cyberattacks targeting its member states and partners.

“Those listed are subject to an asset freeze, while EU citizens and companies are prohibited from providing them with funds or economic resources. Individuals also face travel bans that prevent entry into or transit through EU territory,” the Council said in a statement.

With the latest listings, the EU cyber sanctions regime applies to 19 individuals and 7 entities.

One of the sanctioned Chinese companies provided tools used to compromise and access devices in EU member states and worldwide. Between 2022 and 2023, its support contributed to the hacking of more than 65,000 devices in six member states. Another company based in China provided hacking services targeting infrastructure and key functions in both EU countries and third states.

According to the Council decision, the Iranian company accessed a French subscriber database and offered the data for sale on the dark web. It also took control of advertising billboards to spread disinformation during the 2024 Paris Olympic Games and compromised a Swedish SMS service.

“The EU and its member states will continue to cooperate with international partners to promote an open, free, stable and secure cyberspace,” the Council added.