Unisami AI News

US sanctions Chinese cyber firm linked to Flax Typhoon hacks

January 3, 2025 | by AI


U.S. Sanctions Beijing Cyber Firm Over Alleged Hacking Ties

The U.S. government has taken a strong stance against a Beijing-based cybersecurity company, Integrity Technology Group, imposing sanctions due to its alleged connection with a China-backed hacking group known as Flax Typhoon. These actions come amid concerns over cybersecurity threats targeting U.S. infrastructure.

On Friday, the Treasury Department’s Office of Foreign Assets Control (OFAC) announced the sanctions, highlighting Integrity Technology’s involvement in numerous cyber intrusion incidents targeting U.S. entities, including critical infrastructure.

  • The company is also known as Yongxin Zhicheng.
  • A botnet linked to the company was dismantled by the FBI in September.
  • The botnet consisted of over 260,000 devices like cameras and routers.

“Flax Typhoon used infrastructure linked to Integrity Tech to compromise multiple U.S. and European organizations between mid-2022 and late-2023,” noted the Treasury in its statement.

{Treasury Department}

This move follows accusations by the U.S. government that Integrity Technology was operating a botnet associated with Flax Typhoon. This botnet, which was dismantled by the FBI in a court-authorized operation last September, reportedly involved over 260,000 internet-connected devices, including cameras and routers.

According to joint guidance from the FBI and National Security Agency, this network has been under Integrity Technology’s control since 2021, concealing Flax Typhoon’s activities. The Treasury revealed that these hackers compromised multiple servers and workstations at a California-based entity, among others.

The U.S. State Department also detailed that Flax Typhoon had successfully targeted several U.S. universities, government agencies, telecommunications providers, and media organizations.

The sanctions label Integrity Tech as engaging in “malicious cyber-enabled activities.” This comes shortly after the revelation that the Treasury itself was targeted by China-backed hackers in December.

  • Hackers allegedly accessed unclassified documents at the Treasury.
  • The intrusion may have exposed information on Chinese entities facing potential sanctions.

U.S. officials describe Chinese malicious actors as “one of the most active and persistent threats” to national security.

{U.S. Officials via The Washington Post}

Despite these developments, neither Integrity Tech nor the Treasury provided comments to TechCrunch regarding these new sanctions or past incidents.

