The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) imposed sanctions last week on a Beijing-based cybersecurity firm for supporting a Chinese state-sponsored cyber group, Flax Typhoon, which has been targeting critical U.S. infrastructure since at least 2021.
OFAC sanctioned Integrity Technology Group, which is traded on the Shanghai Stock Exchange, for its role in multiple data breaches affecting U.S. victims. The agency said between 2022 and 2023, Flax Typhoon used infrastructure linked to Integrity Tech to breach computer networks targeting multiple victims.
“The Treasury Department will not hesitate to hold malicious cyber actors and their enablers accountable for their actions,” said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley Smith.
Flax Typhoon has targeted victims across various sectors and has infiltrated computer networks on multiple continents, including North America, Europe, Africa, and Asia. The cyber group “exploits publicly known vulnerabilities to gain initial access to victims’ computers and then leverages legitimate remote access software to maintain persistent control over their network,” OFAC said.
The agency also noted that Chinese malicious cyber actors, including Flax Typhoon, are among the most active and persistent threats to U.S. national security. These actors continue to target U.S. government systems, including a recent attack on the Treasury’s own IT infrastructure.
The State Department also sanctioned Integrity Tech for its malicious cyber activities. The agency said Flax Typhoon “successfully targeted multiple U.S. and foreign corporations, universities, government agencies, telecommunications providers, and media organizations.”
In September, the U.S. Department of Justice announced it had disrupted a botnet—a network of infected computers—consisting of over 200,000 consumer devices infected by Integrity Tech in the U.S. and worldwide.
“Our takedown of this state-sponsored botnet reflects the Department’s all-tools approach to disrupting cyber criminals,” said Deputy Attorney General Lisa Monaco at the time.
“This network, managed by a [People’s Republic of China] government contractor, hijacked hundreds of thousands of private routers, cameras, and other consumer devices to create a malicious system for the [People’s Republic of China] to exploit,” she added.
OFAC sanctioned Integrity Technology Group, which is traded on the Shanghai Stock Exchange, for its role in multiple data breaches affecting U.S. victims. The agency said between 2022 and 2023, Flax Typhoon used infrastructure linked to Integrity Tech to breach computer networks targeting multiple victims.
“The Treasury Department will not hesitate to hold malicious cyber actors and their enablers accountable for their actions,” said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley Smith.
Flax Typhoon has targeted victims across various sectors and has infiltrated computer networks on multiple continents, including North America, Europe, Africa, and Asia. The cyber group “exploits publicly known vulnerabilities to gain initial access to victims’ computers and then leverages legitimate remote access software to maintain persistent control over their network,” OFAC said.
The agency also noted that Chinese malicious cyber actors, including Flax Typhoon, are among the most active and persistent threats to U.S. national security. These actors continue to target U.S. government systems, including a recent attack on the Treasury’s own IT infrastructure.
The State Department also sanctioned Integrity Tech for its malicious cyber activities. The agency said Flax Typhoon “successfully targeted multiple U.S. and foreign corporations, universities, government agencies, telecommunications providers, and media organizations.”
In September, the U.S. Department of Justice announced it had disrupted a botnet—a network of infected computers—consisting of over 200,000 consumer devices infected by Integrity Tech in the U.S. and worldwide.
“Our takedown of this state-sponsored botnet reflects the Department’s all-tools approach to disrupting cyber criminals,” said Deputy Attorney General Lisa Monaco at the time.
“This network, managed by a [People’s Republic of China] government contractor, hijacked hundreds of thousands of private routers, cameras, and other consumer devices to create a malicious system for the [People’s Republic of China] to exploit,” she added.
