The U.S. government has imposed sanctions on a cybersecurity company based in Beijing, accusing it of involvement with the Chinese state-backed hacking group known as Flax Typhoon.
On Friday, the Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions against the Integrity Technology Group for its alleged role in “numerous computer intrusion incidents targeting U.S. entities,” including critical infrastructure.
The move comes months after the U.S. accused Integrity Technology, also referred to as Yongxin Zhicheng, of operating a botnet linked to Flax Typhoon. This botnet, dismantled by the FBI in September during a court-authorized operation, reportedly consisted of over 260,000 internet-connected devices, such as cameras, storage systems, and routers. According to a joint advisory from the FBI and NSA, the Integrity Technology Group had been managing and utilizing the botnet since 2021 to obscure the hacking group’s activities.
The Treasury Department stated that Flax Typhoon relied on infrastructure connected to Integrity Technology to target multiple organizations in the U.S. and Europe between mid-2022 and late-2023. While the specific victims were not disclosed, officials noted that the hacking group breached “several servers and workstations at a California-based organization.”
The U.S. Department of State issued a separate statement, revealing that Flax Typhoon successfully attacked a range of targets, including U.S. universities, government agencies, telecommunications companies, and media outlets.
The sanctions classify Integrity Technology as an entity engaged in “malicious cyber-enabled activities.” These sanctions were announced shortly after the Treasury confirmed it was targeted in a December cyberattack, also attributed to Chinese state-sponsored hackers. Reports suggest the attackers accessed unclassified documents and information related to the Treasury’s sanctions office, OFAC.
Officials speaking to The Washington Post indicated that the breach may have provided the hackers with intelligence on Chinese organizations being considered for U.S. financial sanctions.
In a statement, the Treasury described Chinese cyber actors as “among the most active and persistent threats” to U.S. national security, citing the recent targeting of its IT systems as an example.
Integrity Technology Group, which is publicly traded on the Shanghai Stock Exchange, did not respond to inquiries regarding the sanctions or the allegations against it.
