US sanctions Chinese security firm behind Flax Typhoon threat actors


A Beijing-based cybersecurity company – said to be behind the Chinese state-sponsored Flax Typhoon threat group – was sanctioned by the US Treasury Department on Friday.

The Treasury’s Office of Foreign Assets Control (OFAC) said the company, Integrity Technology Group, Inc., is behind multiple cyberattacks against organizations within the US critical infrastructure sector, dating back to 2021.

The attacks have been publicly attributed to a malicious state-sponsored cyber group known as Flax Typhoon – a known threat group busted by the FBI last September for running a massive botnet of over 260,000 breached devices worldwide, with over 100,000 found in the US.


Malicious Chinese actors continue to be one of the most active and persistent threats to US national security, the agency said in its announcement, citing the most recent attack, in December, on the Treasury Department’s own IT infrastructure.

According to the FBI, the botnet was controlled and managed by Integrity Tech and used to carry out malicious activities, such as Distributed Denial-of-Service (DDoS) attacks.

Integrity Tech would spread its botnet malware by infecting ordinary consumer devices, often targeting home office routers, webcams, IP cameras, or DVRs, and then disguising its activity as routine internet traffic.

Between summer 2022 and fall 2023, Flax Typhoon actors used infrastructure tied to Integrity Tech to routinely send and receive information, US authorities said.

“The United States will use all available tools to disrupt these threats as we continue working collaboratively to harden public and private sector cyber defenses,” said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith about the sanctions.

Flax Typhoon is said to use publicly known vulnerabilities to compromise its victims’ networks, targeting a wide range of industries in North America, Europe, Africa, and across Asia, with a particular focus on Taiwan.


A Microsoft Threat Intelligence profile on the group found that nation-state actors targeted government agencies and education, critical manufacturing, and information technology organizations in Taiwan and elsewhere.


The group was known to use virtual private network software and remote desktop protocols to breach its victims, including compromising multiple servers and workstations at an unnamed California-based entity in 2023.

OFAC has designated Integrity Tech as carrying out cyber-enabled activities, directly or indirectly, that present a significant threat to the national security, foreign policy, economic health, or financial stability of the United States.

On December 8th, 2024, Chinese threat actors breached a third-party cybersecurity vendor and hacked into at least 100 laptops belonging to US Treasury Department staff, including some senior officials.

Treasury officials labeled the breach as a "major incident" and are expected to provide more details at a January 10th hearing at the request of US lawmakers.