U.S. Sanctions Chinese Cyber Company for Alleged Flax Typhoon Botnet Participation
The United States announced sanctions on 3 January against Beijing-based cybersecurity company Integrity Technology Group, Inc., for its alleged role in multiple computer intrusion incidents targeting U.S. victims.
A Chinese-sponsored hacking group leveraged a botnet with Integrity Tech infrastructure to exploit victims, according to the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC).
The hacking group, dubbed Flax Typhoon, compromised computer networks in Africa, Asia, Europe, and North America. It “exploits publicly known vulnerabilities to gain initial access to victims’ computers and then leverages legitimate remote access software to maintain persistent control over their network,” a Treasury press release said. In 2022 and 2023, Flax Typhoon routinely sent and received information from Integrity Tech infrastructure during attacks.
Multiple U.S. agencies and international partners released an advisory in September 2024 about how Integrity Tech has been involved in a botnet compromising at least 260,000 devices, including Internet routers and Internet of Things (IoT) devices.
Integrity Tech builds cyber ranges to test cybersecurity tools and defenses, CyberScoop reported. According to FBI Director Christopher Wray in September, however, “their chairman has publicly admitted that for years his company has collected intelligence and performed reconnaissance for Chinese government security agencies.”
The sanctions are designed to constrain the company’s ability to do business in the United States. OFAC designated Integrity Tech as an entity that was responsible for or complicit in cyber-related activities that pose a significant threat to U.S. national security, foreign policy, or economic health or financial stability. The sanctions mean that all of Integrity Tech’s property and interests that are in the United States or in the control of U.S. persons are blocked and must be reported to OFAC. Financial transactions involving Integrity Tech are also blocked.
The sanctions came a few days after a Chinese intelligence agency hacked the U.S. Treasury Department, gaining access to employee workstations and unclassified documents, The New York Times reported.
Senior officials told the Times that the breach appeared to be an espionage mission. The compromised server was taken offline, and there is no evidence that the hackers still have access to Treasury information, the department said.