US Sanctions Chinese Tech Company Over Infrastructure Hacks

Matthew Broersma,
Linkedin
An photograph of a Chinese flag. Keywords: China, hacking, security

US Treasury sanctions Beijing-based Integrity Tech over alleged links to state-backed hacking group ‘Flax Typhoon’

Getting your Trinity Audio player ready...

The US Treasury said it has sanctioned Beijing-based technology company Integrity Technology Group for its alleged involvement in the operations of “Flax Typhoon”, a threat group said by authorities to be backed by the Chinese government in attacks on US critical infrastructure.

The move comes after the department said last week that a China-backed group had infiltrated its own workstations last month and stole files in what it described as a “major incident”.

Flax Typhoon has been operating at least since 2021 across North America, Europe, Africa and Asia with a “particular focus on Taiwan”, infiltrating organisations across a “wide range of industries”, the Treasury said.

In September the FBI said it had taken down a botnet comprised of more than 200,000 consumer devices in the US and worldwide that had been compromised by Flax Typhoon.

Image credit: US Treasury Department
Image credit: US Treasury Department

Hacking infrastructure

At the time it identified Integrity Tech, as the company is known, as a front for the threat group.

“The Treasury Department will not hesitate to hold malicious cyber actors and their enablers accountable for their actions,” said acting under secretary of the Treasury for terrorism and financial intelligence Bradley T. Smith.

The department said in the summer of 2022 and autumn of 2023 Flax Typhoon hackers accessed several hosts connected with the US and Europe while using infrastructure tied to Integrity Tech.

“During that time, Flax Typhoon routinely sent and received information from Integrity Tech infrastructure,” the Treasury said in a statement.

The sanctions mean property and other interests connected with Integrity Tech are blocked, while those engaging in transactions with the company may themselves be exposed to sanctions or enforcement action.

Government ties

In a separate statement the US State Department said Integrity was linked to China’s Ministry of State Security.

The Integrity hackers were acting “at the direction of the PRC government, targeting critical infrastructure in the United States and overseas”, the State Department said.

China denied the claim that it had been involved in the Treasury hack announced last week, saying the allegation was “groundless”, with its foreign ministry accusing the US of “spreading false information” about China.