Last Friday, the Department of the Treasury in the USA declared sanctions against Integrity Technology Group, a cybersecurity enterprise based in Beijing that is charged with assisting a state-sponsored hacker group known as Flax Typhoon.
Integrity Tech’s services and infrastructure were purportedly utilized by the hackers to infiltrate numerous American and international establishments, including critical infrastructure, governmental bodies, and private corporations.
Pursuant to Executive Order (E.O.) 13694, as amended, the Treasury’s Office of Foreign Assets Control (OFAC) designated Integrity Tech, thereby blocking any of the firm’s assets under U.S. jurisdiction.
Under these sanctions, U.S. entities and individuals are prohibited from transacting with Integrity Tech, and foreign companies risk penalties if their dealings with the firm touch U.S. markets or the U.S. financial system.
The seriousness of the threat was highlighted by Bradley T. Smith, the Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence, who said, “The Treasury Department is committed to holding accountable malicious cyber actors and their collaborators for their actions.”
Smith stressed that the United States will actively use its wide array of legal and financial tools to disrupt and discourage malicious cyber threats.
Flax Typhoon: A Persistent Cyber Threat
Flax Typhoon has been operational since at least 2021, with reports suggesting its affiliation with the Chinese government and its focus on attacking critical infrastructure domestically and internationally.
While targeting regions such as North America, Europe, Africa, and Asia, the group has prominently concentrated on U.S. and Taiwanese entities.
Flax Typhoon gains initial access by exploiting known vulnerabilities and then relies on legitimate remote access tools to remain undetected within compromised networks for extended periods.
According to U.S. authorities, the hackers used a range of techniques to establish and expand their access, including exploiting virtual private network (VPN) software and the Remote Desktop Protocol (RDP) to move laterally within infiltrated systems.
Between mid-2022 and late 2023, several hosts related to U.S. and European bodies were reportedly breached by the hackers.
Treasury officials concluded that during the same period, Flax Typhoon routinely exchanged information with Integrity Tech’s infrastructure, effectively using the company’s resources to manage its cyberattacks.
Investigators determined that the firm’s infrastructure played a crucial role in multiple intrusions that led to data breaches and other cyber disturbances.
In September 2024, in a related event, U.S. agencies acted to dismantle a botnet created by Flax Typhoon, seizing control of pivotal servers and disrupting malware infecting numerous network devices.
The group has a track record of building and operating large-scale botnets for Distributed Denial of Service (DDoS) attacks and other malicious operations.
National Security Implications
The sanctions were imposed following reports of Chinese threat actors breaching the U.S. Treasury Department’s unclassified data, underscoring concerns regarding China’s consistent cyber operations against critical government targets and infrastructure.
Authorities caution that associated groups like Volt Typhoon have previously infiltrated U.S. power grids and other vital systems in preparation for potential disruptive actions.
The Treasury’s objective with these measures is clear: any entities found supporting state-sponsored hacking endeavors will be met with swift and substantial penalties.
OFAC stated, “The purpose of the sanctions is to induce positive behavioral change rather than to punish.” Whether these actions will deter future cyber intrusions remains uncertain, but the government’s resolute response signals a firm stance against Chinese cyber threats.
The post US Sanctions Chinese Company for Supporting Flax Typhoon Hacker Group appeared first on Cyber Security News.