In recent days, the EU sanctions for cyberattacks have once again placed cybersecurity at the center of the European debate. According to information published by the Council of the European Union, Brussels has sanctioned three entities and two individuals linked to malicious operations against EU member states and partners. Beyond the geopolitical level, this decision confirms that a computer attack is no longer limited to data theft: it can affect critical infrastructure, essential services and public trust.

What is known about EU sanctions for cyberattacks?

On March 16, 2026, the Council of the EU adopted new restrictive measures against three entities and two individuals to whom it attributes responsibility for cyberattack campaigns against member states and partner countries. The measures include an asset freeze, a ban on receiving funds or economic resources from EU citizens and companies, and a ban on entry into or transit through EU territory for the sanctioned individuals.

Sanctioned entities include Integrity Technology Group, singled out for having provided products used to compromise devices in Europe and other regions; Anxun Information Technology, accused of offering intrusion services aimed at critical infrastructures and essential functions; and Emennet Pasargad, linked to illegal access to a subscriber database in France, as well as to disinformation actions and to actions affecting an SMS service in Sweden. The Council itself states that, between 2022 and 2023, more than 65,000 devices in six member states were compromised with technical and material support associated with one of these actors.

The important thing about this case is that we are not dealing with just one security breach, but with a set of operations with different purposes: espionage, intrusion, illegitimate access to data, alteration of public communication channels and disinformation. This combination explains why the European response has not been limited to the technical level, but has escalated to the diplomatic and sanctions terrain.

Why Europe and critical infrastructure are a target

When the EU sanctions actors linked to campaigns against critical infrastructures and essential functions, the message is clear: these attacks seek more than just disrupting systems. They seek to generate political, economic and reputational impact. The Council precisely stresses that some of the sanctioned activities affected critical functions of Member States and a large number of European citizens.

For companies, this has a direct reading. The sectors with the highest exposure are not just defense or public administration. So are organizations with large volumes of data, connected services, distributed networks, cloud environments, technology providers and operations with high digital dependence. In practice, any company that manages sensitive information or supports essential processes can become an indirect or collateral target. This is a central issue for enterprise IT security.

In addition, these types of campaigns fit into a hybrid threat logic: they combine technical intrusion with influence, pressure or public exploitation of the incident. The case of the sanctioned Iranian company is especially illustrative, because the EU attributes both illegal access to data and disinformation actions during the Paris 2024 Olympic Games.

How do these types of attacks occur?

The Council has not published all the specific technical vectors of each incident, but it does provide sufficient elements to identify common patterns. What these sanctions show is that many campaigns are not based on a single technique, but rather on a chain of offensive capabilities, access, monetization and exploitation of impact.

These types of cyberattacks usually stem from five main causes:

  1. Outsourced offensive services: actors that sell intrusion tools or capabilities to third parties.
  2. Compromise of exposed systems: Internet-accessible devices or services with weak configurations or a large attack surface.
  3. Improper access to databases: a security breach can quickly turn into extortion, leaking, or selling on the dark web.
  4. Lack of segmentation and protection of critical assets: when critical environments are not well isolated, the impact scales rapidly.
  5. Combined use of intrusion and information manipulation: the goal is no longer just to enter, but to influence, erode trust and amplify damage.

These five patterns fit with the facts described by the EU: products used to compromise devices, hacking services aimed at critical functions, illegal access to data and subsequent exploitation of the incident for the purpose of disinformation or pressure.

Key lessons for companies

The first lesson is that cybersecurity must also be analyzed across the third-party chain. If there are vendors that market offensive capabilities or facilitate intrusions, evaluating only your own perimeter is no longer sufficient. It is necessary to review external accesses, integrations, privileges and dependencies with real risk in view.

The second is that early detection matters just as much as prevention. When an organization discovers an intrusion late, the problem is no longer just technical: it can lead to data loss, operational shutdown, regulatory pressure and reputational crisis. This is especially critical in sectors with high public exposure or essential services.

The third is that the response must account for hybrid scenarios. Today, a company must not only prepare to contain malware or unauthorized access. It must also be prepared to manage data breaches, disinformation, crisis communication and legal coordination. This preparation reduces impact and accelerates recovery.

The fourth is that protecting critical assets requires prioritization. Not all systems carry the same weight for the business. Identifying which processes sustain the operation, which data are most sensitive and which services cannot be stopped is the basis for effectively assigning controls, monitoring and contingency plans.

Cybersecurity as a strategic priority

These sanctions are not an isolated gesture. They are part of the European framework for diplomatic response to malicious activities in cyberspace, known as the Cyber Diplomacy Toolbox, established in 2017. In 2019, the EU created a specific regime of sanctions against cyberattacks and, with the new additions of March 2026, this regime now covers 19 individuals and 7 entities.

For the business fabric, the conclusion is clear: cybersecurity is no longer just an IT issue. It's a business, continuity and trust priority. When European institutions raise these incidents to the level of international sanctions, they are recognizing that digital risk has economic, strategic and social impacts. And that same logic applies to any company that wants to protect its activity against a computer attack or a security breach with real consequences.

Apolo Cybersecurity

The EU sanctions for cyberattacks are an unequivocal sign of where the threat is evolving: more professional, more hybrid operations with a greater impact on business, reputation and continuity.

At Apolo Cybersecurity, we help organizations anticipate this risk with exposure assessment, monitoring, incident response, vulnerability analysis and strategic support in cybersecurity.

If you want to identify critical points in your organization before they become a real problem, we can make a first assessment and help you define the most urgent protection priorities.
