The US government has sanctioned a Beijing-based cybersecurity firm for its alleged ties to a Chinese government-backed hacking group tracked as Flax Typhoon.
The Treasury Department's Office of Foreign Assets Control (OFAC) on Friday announced sanctions against Integrity Technology Group for its involvement in “multiple computer intrusion incidents against U.S. victims” involving U.S. critical infrastructure.
The sanctions come months after the US government accused Integrity Technology, also known as Yongxin Zhicheng, of running a botnet associated with the Flax Typhoon hacking group.
The botnet was dismantled by the FBI in a court-authorized operation in September and consisted of more than 260,000 internet-connected devices, including cameras, storage devices, and routers, according to a joint advisory issued by the FBI and the National Security Agency at the time. According to authorities, the botnet had been operated and controlled by Integrity Technology Group since 2021 to cover up the activities of the Flax Typhoon hackers.
The Treasury Department said in a statement that Flax Typhoon used infrastructure associated with Integrity Tech to compromise multiple organizations in the United States and Europe from mid-2022 to late 2023. The names of the hacking victims were not disclosed, but the Treasury Department added that a Chinese-backed hacker group had compromised “multiple servers and workstations of a California-based company.”
Flax Typhoon successfully targeted multiple U.S. universities, government agencies, telecommunications providers, and news organizations, according to a separate press release issued by the U.S. State Department on Friday.
The new sanctions, which designate Integrity Tech as an organization involved in “malicious cyber-based activities,” come a few days after the Treasury Department acknowledged in December that it had suffered a cyberattack by Chinese state-backed hackers. The hackers reportedly targeted OFAC, the Treasury Department's sanctions authority, during the breach, which gave them remote access to Treasury officials and access to unclassified documents.
U.S. officials told The Washington Post that the breach may have given the hackers access to information about Chinese entities that the U.S. government may be considering for financial sanctions.
A Treasury spokesperson did not respond to TechCrunch's request for comment. The Treasury Department cited the targeting of its own IT infrastructure in a statement Friday, saying Chinese malicious actors are “one of the most active and persistent threats facing U.S. national security.”
Integrity Tech, which is listed on the Shanghai Stock Exchange, did not respond to TechCrunch's questions.