US Sanctions Chinese Firm Linked to Flax Typhoon Hackers – Ankor Tech

The U.S. government has officially sanctioned Beijing-based cybersecurity firm Integrity Technology Group for its direct ties to the state-sponsored hacking collective known as Flax Typhoon. The move, executed by the Treasury Department’s Office of Foreign Assets Control (OFAC) this Friday, aims to cripple the infrastructure used in wide-scale cyber intrusions against American critical infrastructure.

Targeting the Flax Typhoon Botnet

These sanctions follow intense scrutiny regarding Integrity Technology—also identified as Yongxin Zhicheng—and its operation of a massive botnet linked to Flax Typhoon. In September, the FBI dismantled this network through a court-authorized operation, uncovering a sophisticated system comprising over 260,000 internet-connected devices, including routers, cameras, and storage units.

According to a joint advisory from the FBI and the National Security Agency, Integrity Technology had been managing this botnet since 2021. The primary objective was to mask the malicious activities of Flax Typhoon hackers as they infiltrated high-value targets.

Global Scope of Cyber Espionage

Treasury officials revealed that between mid-2022 and late 2023, Flax Typhoon leveraged Integrity Tech’s infrastructure to compromise numerous organizations across the U.S. and Europe. While the specific victims remain undisclosed, the campaign successfully breached workstations and servers at a California-based entity.

A separate report from the U.S. Department of State confirms that the group specifically targeted multiple U.S. universities, telecommunications providers, media organizations, and government agencies.

Retaliation for Treasury Department Breach

The designation of Integrity Tech as an entity involved in “malicious cyber-enabled activities” occurs just days after the Treasury Department confirmed a December cyberattack of its own. Officials attributed the intrusion to China-backed hackers who successfully targeted the agency’s sanctions office (OFAC).

The breach granted the attackers remote access to Treasury employees and unclassified documentation. Reports from The Washington Post suggest the hackers may have gained access to sensitive data regarding Chinese organizations currently under consideration for U.S. financial sanctions.

A Persistent National Security Threat

Despite the formal announcement, Integrity Technology, which is publicly traded on the Shanghai Stock Exchange, has remained silent and failed to respond to inquiries. The Treasury Department emphasized that Chinese malicious actors represent “one of the most active and most persistent threats” to U.S. national security, citing the brazen targeting of the Treasury’s internal IT infrastructure as a primary concern.