The US government has sanctioned a Beijing-based cyber security company for its alleged links to a Chinese government-backed hacking group known as Flax Typhoon.
The Treasury Department’s Office of Foreign Assets Control (OFAC) on Friday announced sanctions against Integrity Technology Group for its role in “multiple computer intrusion incidents against US victims,” including critical US infrastructure.
The sanctions come months after the US government accused Integrity Technology, also known as Yongxin Zhicheng, of running a botnet linked to the Flax Typhoon hacker group.
The botnet, which was dismantled by the FBI in a court-authorized operation in September, consisted of more than 260,000 Internet-connected devices, including cameras, storage devices and routers, according to a joint advisory released by the FBI and the National Security Agency at the time. The agencies said the botnet had been operated and controlled by Integrity Technology Group since 2021 to hide the activities of the Flax Typhoon hackers.
Treasury said in its statement that Flax Typhoon used infrastructure related to Integrity Tech to compromise multiple US and European organizations between mid-2022 and late 2023. The victims were not named, but Treasury added that the China-backed hacking group compromised “multiple servers and workstations at a California-based entity.”
According to a separate press release issued by the US State Department on Friday, Flax Typhoon successfully targeted multiple US universities, government agencies, telecommunications providers and media organizations.
The new sanctions, which designate Integrity Tech as an organization involved in “malicious cyber-enabled activities,” come just days after Treasury confirmed it was the subject of a December cyber attack it attributed to hackers backed by the Chinese government. The hackers reportedly targeted the Treasury’s sanctions office, OFAC, during the intrusion, which gave the hackers remote access to Treasury employees and access to unclassified documents.
US officials told The Washington Post that the hack may have given hackers access to information about Chinese organizations that the US government may consider targeting for financial sanctions.
A Treasury spokesman did not return TechCrunch’s request for comment. In its statement on Friday, the Treasury called Chinese malicious actors “one of the most active and persistent threats” facing US national security, referring to the targeting of the Treasury’s own IT infrastructure.
Integrity Tech, which is traded on the Shanghai Stock Exchange, did not respond to TechCrunch’s questions.