US sanctions China-based hackers’ cybersecurity service provider
The United States Department of Treasury’s Office of Foreign Assets Control (OFAC) sanctioned a Beijing-based cybersecurity company and accused it of supporting a group of hackers who had attacked American organizations.
The OFAC said Integrity Technology Group was involved in multiple computer intrusion incidents against US victims. These incidents have been publicly attributed to Flax Typhoon, a Chinese malicious state-sponsored cyber group that has been active since at least 2021, often targeting organizations within US critical infrastructure sectors.
“The Treasury Department will not hesitate to hold malicious cyber actors and their enablers accountable for their actions,” said Bradley Smith, acting undersecretary of the Treasury for Terrorism and Financial Intelligence. “The US will use all available tools to disrupt these threats as we continue working collaboratively to harden public and private sector cyber defenses.”
According to the OFAC, Flax Typhoon has compromised computer networks in North America, Europe, Africa, and across Asia, with a particular focus on Taiwan. It exploits publicly known vulnerabilities to gain initial access to victims’ computers and then leverages legitimate remote access software to maintain persistent control over their networks.
Between mid-2022 and late 2023, OFAC said, Flax Typhoon actors used infrastructure tied to Integrity Tech during hacking activities against multiple victims. During that time, Flax Typhoon routinely sent and received information from Integrity Technology infrastructure.
“On this kind of unwarranted and groundless allegations, we’ve made clear our position more than once,” Mao Ning, a spokesperson of the Chinese Foreign Ministry, said in a media briefing.