On Monday, the Council of the European Union sanctioned Emennet Pasargad, a company used as a front for a series of Iranian cyberattacks.
Based in Tehran, Emennet Pasargad is responsible for a variety of high-profile cyberattacks on Western organizations. Among these are attempted interference with US elections and attacks on the subscribers of French satirical magazine Charlie Hebdo, the Council stated.
The FBI previously tied the group to interference efforts against the 2020 US election, which included running spoofed media sites spreading anti-American propaganda. These disinformation campaigns were designed to provoke voters into heated exchanges about the candidates and undermine confidence in election security.
It did not name the group at the time, but did so years later in a separate advisory warning of Emennet Pasargad's attacks in Israel and the likelihood of a return to targeting the US.
The Council sanctioned Emennet as part of broader measures against organizations behind cyberattacks targeting devices and systems across the EU.
Officials said that the group compromised the subscriber base of Charlie Hebdo and offered it for sale on the dark web.
Microsoft linked the data theft to Emennet in early 2023. It said at the time that the personal data of more than 200,000 individuals was leaked online, and that the attack was carried out as a direct response to the 12 cartoons published by a Danish newspaper and later Charlie Hebdo.
Charlie Hebdo's offices were infamously targeted in a terror attack in 2015. The raid was led by two Algerian brothers who sought revenge for a cartoon the magazine published of the prophet Muhammad, which many Muslims deemed highly offensive.
Twelve people died following the brothers' shootings, including Charlie Hebdo cartoonists, and more people lost their lives in separate jihadist attacks in Paris that year. The magazine continues to publish controversial cartoons to this day.
The Council also said Emennet Pasargad was responsible for compromising a Swedish company's SMS service after activists burned Qurans during a 2023 protest, and for sending around 15,000 messages warning that they would face retaliation.
Sweden's intelligence service linked the Iranian Revolutionary Guard Corps (IRGC) and a cyber group described as Anzu to the attacks in 2024. According to Council documents, Emennet Pasargad was behind the attacks while operating under the "Anzu Team" alias.
Further, the Council said that Emennet Pasargad was responsible for compromising an operator of advertising boards during the 2024 Paris Olympics, displaying anti-Israel propaganda.
"Emennet Pasargad is therefore responsible for cyberattacks with a significant effect, which constitute an external threat to member states, and for cyberattacks with a significant effect against a third state," the Council wrote.
The Council also sanctioned two Chinese organizations, and two individuals associated with them, rounding out the latest round of economic penalties against geopolitical adversaries.
It sanctioned Integrity Technology Group, a company the Council said enables Flax Typhoon, one of China's state-sponsored cyberespionage groups.
"That APT used Integrity Technology Group's products and technology to deploy its computer network exploitation activities," the Council wrote.
"Integrity Technology Group's products have been used since then to compromise and access Internet of Things (IoT) devices in member states, as well as in countries across Europe and globally."
It went on to say that, while using Integrity's tech, Flax Typhoon was responsible for the compromise of at least 65,600 IoT devices across six member states between 2022 and 2023.
Researchers from the likes of Microsoft and Eclypsium previously said that Flax Typhoon mainly focuses its efforts on Taiwan. Its work there also focuses largely on compromising IoT devices to build botnets as a means to quietly gain access to target networks and snoop on their activity.
In September 2024, the FBI said Integrity was operating a Mirai-based botnet that recruited around 260,000 devices, one that had been growing since 2021, until the company pulled it down before the US could disrupt and probe it.
Lastly, the Council sanctioned Anxun Information Technology, often referred to as i-Soon, which was the subject of a landmark data leak in 2024. Files included in that leak revealed it as a secret company Beijing contracted for its hack-for-hire services.
"It has targeted critical infrastructure and critical state functions of member states and accessed and sold classified information," the Council wrote.
Wu Haibo and Chen Cheng were the only two individuals sanctioned by the Council this week. They were named as CEO and COO at Anxun and are therefore deemed responsible for the attacks Beijing paid them to carry out.
Source: The Register