The U.S. Treasury Department has announced sanctions against Beijing-based Integrity Technology Group, Inc. (Integrity Tech) for its involvement with the Flax Typhoon hacking group. The group, believed to be sponsored by the Chinese state, used Integrity Tech's systems to orchestrate cyberattacks on U.S. and European networks for over a year.
Cyber Exploitation and Sanctions
According to the Treasury’s Office of Foreign Assets Control (OFAC), between summer 2022 and fall 2023, Flax Typhoon hackers exploited Integrity Tech's infrastructure extensively during cyber infiltration campaigns. The hackers used virtual private network (VPN) software and remote desktop protocols to breach and control victim systems. In summer 2023, they infiltrated servers and workstations belonging to a California-based target. The sanctions come on the heels of a broad court-authorized operation in September 2024 that aimed to dismantle a massive botnet known as "Raptor Train." This network, comprising hundreds of thousands of compromised devices globally, had been used by Flax Typhoon for distributed denial-of-service (DDoS) attacks. The operation was a coordinated effort involving the FBI, the Cyber National Mission Force, the NSA, and Five Eyes intelligence partners.
Raptor Train and Cyber Assaults
Since its inception in May 2020, Raptor Train has evolved into a sophisticated network affecting over 260,000 devices such as routers, modems, IP cameras, and network-attached storage servers. FBI Director Christopher Wray, speaking at the Aspen Cyber Summit in September, confirmed that Flax Typhoon’s activities were directed by the Chinese government. The group's operations have spanned North America, Europe, Africa, and Asia, with particular emphasis on targets in Taiwan. It exploited known vulnerabilities to gain initial access and used legitimate remote access tools to maintain control over compromised networks.
Impact of Sanctions
These sanctions bar U.S. organizations and citizens from engaging in transactions with Integrity Tech, and any assets it holds in the U.S. will be frozen. Moreover, financial institutions and other entities abroad that do business with Integrity Tech could be subject to U.S. penalties. Following the sanctions announcement, the Treasury reported a breach within its network attributed to Chinese threat actors, specifically targeting OFAC. This attack is believed to be an intelligence-gathering effort in anticipation of future sanctions against Chinese entities. Additionally, Salt Typhoon, another state-backed Chinese hacking group, has been implicated in recent breaches of several U.S. telecommunication companies, including Verizon, AT&T, and Lumen.