
Feds Sanction Chinese Firm for Helping 'Flax Typhoon' Hackers

The Treasury Department says Integrity Tech operated Flax Typhoon's botnet—a network of at least 260,000 compromised devices that helped the attackers hide their identities.

By Kate Irwin, Reporter


The US Treasury Department has sanctioned Chinese firm Integrity Technology Group for allegedly supporting the Chinese hacker group "Flax Typhoon."

"Between summer 2022 and fall 2023, Flax Typhoon actors used infrastructure tied to Integrity Tech during their computer network exploitation activities against multiple victims. During that time, Flax Typhoon routinely sent and received information from Integrity Tech infrastructure," the Treasury Department says.

The sanctions mean that any US companies or people with ties to Integrity Tech are expected to report any assets or dealings to the Treasury Department's Office of Foreign Assets Control (OFAC). Financial intermediaries are also expected to stop doing business with or for the firm.

US authorities believe Flax Typhoon has operated since at least 2021 and has pursued a range of global targets, including US entities. The group often attacks critical infrastructure and previously breached "multiple servers and workstations" at an "entity" in California, Treasury said without elaborating. Group affiliates typically use VPN software and remote-access software to gain and retain access to breached systems. In 2023, Microsoft said Flax Typhoon had targeted Taiwan organizations for Chinese espionage purposes.

In September, international authorities—including those in the US, Canada, and Australia—co-published an 18-page report detailing how Chinese state-affiliated cybercriminals are attacking routers and devices abroad using botnets to deploy malware or conduct DDoS attacks. They found that Integrity Tech operated Flax Typhoon's botnet—a network of what may be at least 260,000 compromised devices that helped the attackers hide their identities.

"Integrity Tech has used China Unicom Beijing Province Network IP addresses to control and manage the botnet described in this advisory," the report on the firm's ties to Flax Typhoon reads, adding: "FBI has engaged with multiple US victims of these computer intrusions and found activity consistent with the tactics, techniques, and infrastructure associated with the cyber threat group known publicly as Flax Typhoon, RedJuliett, and Ethereal Panda."

These sanctions come just days after Chinese hackers reportedly breached computers belonging to OFAC—which itself establishes sanctions—and viewed unclassified documents. The Treasury did not specify whether it believes Flax Typhoon or a different hacker group conducted that attack. (The New York Times reports that one of China's intelligence agencies conducted the breach. It also said this attack was to gain intel, not to brick OFAC computer systems.)

A different Chinese hacker group, Salt Typhoon, has been blamed for breaching at least nine different US telecommunications firms, including AT&T and Verizon, by using existing software flaws. On Monday, those two wireless giants both said they no longer detected any Salt Typhoon presence on their networks.
