US Sanctions Chinese Cyber Firm Linked to Notorious Flax Typhoon Hacks


The US government has imposed sanctions on a Beijing-based cybersecurity company, Integrity Technology Group, over its alleged links to a Chinese government-backed hacking group tracked as Flax Typhoon. The Treasury Department’s Office of Foreign Assets Control (OFAC) announced the sanctions on Friday, citing the company’s role in "multiple computer intrusion incidents against US victims," including critical infrastructure.

Background: Flax Typhoon and Integrity Technology Group

The US government has been tracking Flax Typhoon as a hacking group backed by the Chinese government. In September, the FBI dismantled a botnet associated with the group, which was made up of over 260,000 internet-connected devices, including cameras, storage devices, and routers. The botnet had been operated and controlled by Integrity Technology Group since 2021 to conceal the activities of Flax Typhoon hackers.

Sanctions Against Integrity Technology Group

The Treasury said in its statement that Flax Typhoon used infrastructure linked to Integrity Tech to compromise multiple US and European organizations between mid-2022 and late-2023. The hacking victims were not named, but the Treasury added that the China-backed hacking group compromised "multiple servers and workstations at a California-based entity."

Additional Hacking Incidents

According to a separate press release published by the US Department of State on Friday, Flax Typhoon successfully targeted multiple US universities, government agencies, telecommunications providers, and media organizations.

Recent Cyberattack on Treasury’s Sanctions Office

The new sanctions come just days after the Treasury confirmed it was subject to a cyberattack in December that it attributed to Chinese government-backed hackers. The hackers reportedly targeted the Treasury’s sanctions office, OFAC, during the intrusion, which gave them remote access to Treasury employees and access to unclassified documents.

US Officials’ Concerns

US officials told The Washington Post that the intrusion may have given the hackers access to information about Chinese organizations that the US government may be considering designating for financial sanctions.

Integrity Tech’s Response

A spokesperson for the Treasury did not return TechCrunch’s request for comment. Integrity Tech, which is traded on the Shanghai Stock Exchange, did not respond to TechCrunch’s questions.

US Government’s Concerns About China-Backed Hacking Group

In its statement Friday, the Treasury called Chinese malicious actors "one of the most active and most persistent threats" facing US national security, referencing the targeting of the Treasury’s own IT infrastructure.

Impact on Global Cybersecurity

The sanctions against Integrity Technology Group highlight the growing concern about China-backed hacking groups and their impact on global cybersecurity. The incident serves as a reminder to organizations around the world to be vigilant in protecting themselves from cyber threats.

Related Developments

  • A joint advisory published by the FBI and the National Security Agency (NSA) in September highlighted the botnet associated with Flax Typhoon.
  • The Treasury Department’s Office of Foreign Assets Control (OFAC) has designated several Chinese companies for their alleged involvement in malicious cyber-enabled activities.

Conclusion

The US government’s sanctions against Integrity Technology Group demonstrate its commitment to protecting national security and critical infrastructure from cyber threats. The incident serves as a warning to organizations around the world to be vigilant in protecting themselves from China-backed hacking groups and other cyber threats.
