US sanctions Chinese cyber firm linked to Flax Typhoon hacks

The U.S. government has sanctioned a Beijing-based cybersecurity company over its alleged links to a China government-backed hacking group, tracked as Flax Typhoon.

The Treasury Department’s Office of Foreign Assets Control (OFAC) on Friday announced the sanctions against the Integrity Technology Group for its role in “multiple computer intrusion incidents against U.S. victims,” including U.S. critical infrastructure.

The sanctions land months after the U.S. government accused Integrity Technology, also known as Yongxin Zhicheng, of running a botnet associated with the Flax Typhoon hacking group. 

The botnet, which was dismantled by the FBI in a court-authorized operation in September, was made up of more than 260,000 internet-connected devices, including cameras, storage devices, and routers, according to a joint advisory published by the FBI and the National Security Agency at the time. The agencies said the botnet had been operated and controlled by the Integrity Technology Group since 2021 to conceal the activities of the Flax Typhoon hackers. 

The Treasury said in its statement that Flax Typhoon used infrastructure linked to Integrity Tech to compromise multiple U.S. and European organizations between mid-2022 and late-2023. The hacking victims were not named, but the Treasury added that the China-backed hacking group compromised “multiple servers and workstations at a California-based entity.” 

According to a separate press release published by the U.S. Department of State on Friday, Flax Typhoon successfully targeted multiple U.S. universities, government agencies, telecommunications providers, and media organizations.

The new sanctions, which designate Integrity Tech as an organization involved in “malicious cyber-enabled activities,” come just days after the Treasury confirmed it was subject to a cyberattack in December that it attributed to China government-backed hackers. The hackers reportedly targeted the Treasury’s sanctions office, OFAC, during the intrusion, which gave the hackers remote access to Treasury employees and access to unclassified documents.

U.S. officials told The Washington Post that the intrusion may have given the hackers access to information about Chinese organizations that the U.S. government may be considering designating for financial sanctions.

A spokesperson for the Treasury did not return TechCrunch’s request for comment. In its statement Friday, the Treasury called Chinese malicious actors “one of the most active and most persistent threats” facing U.S. national security, referencing the targeting of the Treasury’s own IT infrastructure.

Integrity Tech, which is traded on the Shanghai Stock Exchange, did not respond to TechCrunch’s questions.