US Sanctions Chinese Cyber Firm | Flax Typhoon Hack

U.S. Sanctions Chinese Cybersecurity Firm Linked to Hacking Group
The United States government has imposed sanctions on a Beijing-based cybersecurity firm. This action is due to alleged connections with a China-backed hacking group known as Flax Typhoon.
Details of the Sanctions
The Treasury Department’s Office of Foreign Assets Control (OFAC) announced the sanctions against Integrity Technology Group on Friday. The firm is accused of involvement in “multiple computer intrusion incidents” targeting U.S. entities.
These intrusions specifically impacted U.S. critical infrastructure, according to the OFAC statement.
Background on Flax Typhoon and Integrity Technology
The sanctions come months after the U.S. government publicly accused Integrity Technology, which also operates as Yongxin Zhicheng, of managing a botnet. This botnet was linked to the activities of the Flax Typhoon hacking group.
The FBI dismantled this botnet through a court-authorized operation in September. The botnet comprised over 260,000 internet-connected devices.
Botnet Infrastructure
These compromised devices included a variety of everyday technology, such as cameras, storage devices, and routers. The FBI and National Security Agency jointly reported that Integrity Technology Group had operated and controlled the botnet since 2021.
The purpose of this control was to obscure the actions of the Flax Typhoon hackers.
Targeted Organizations and Timeline
Between mid-2022 and late 2023, Flax Typhoon reportedly used infrastructure associated with Integrity Tech to compromise numerous organizations across the U.S. and Europe.
While specific victims were not publicly identified, the Treasury Department noted that a California-based entity experienced compromises to its servers and workstations.
Specific Targets Identified by the State Department
A separate press release from the U.S. Department of State detailed that Flax Typhoon specifically targeted U.S. universities, government agencies, telecommunications companies, and media organizations.
Recent Cyberattack on the Treasury Department
These new sanctions, designating Integrity Tech for “malicious cyber-enabled activities,” arrive shortly after the Treasury Department confirmed a cyberattack in December. U.S. intelligence attributes this attack to Chinese government-backed hackers.
The intrusion specifically targeted the Treasury’s sanctions office, OFAC, granting hackers remote access to Treasury employees and unclassified documents.
Potential Impact of the Intrusion
Sources speaking to The Washington Post suggest the intrusion may have provided hackers with access to information regarding Chinese organizations. These organizations were potentially under consideration for U.S. financial sanctions.
Treasury and Integrity Tech Response
A Treasury spokesperson did not respond to a request for comment from TechCrunch. However, the Treasury’s statement on Friday characterized Chinese malicious actors as a significant and ongoing threat to U.S. national security.
This assessment specifically referenced the targeting of the Treasury’s own IT infrastructure. Integrity Tech, which is publicly traded on the Shanghai Stock Exchange, also did not respond to inquiries from TechCrunch.
Integrity Technology Group is now subject to significant restrictions due to these sanctions.
