US Imposes Sanctions on Chinese Firm for Involvement in Flax Typhoon Hacking


The Treasury Department has reported that Flax Typhoon, which operated a botnet comprising 200,000 devices globally, was utilizing the infrastructure of Integrity Technology.

On Friday, the United States imposed sanctions on a Chinese cybersecurity firm for its involvement with the hacking of U.S. computer systems conducted by the state-sponsored cyber espionage group Flax Typhoon.

The firm in question, Integrity Technology Group Inc., which is based in Beijing, is a contractor for the state and is associated with the Ministry of State Security of the Chinese regime, according to a statement from U.S. State Department spokesperson Matthew Miller.

The Treasury noted that during the hacking operations that took place from the summer of 2000 to the fall of 2023, Flax Typhoon’s actors relied on infrastructure linked to Integrity Technology, frequently exchanging information through this infrastructure.

Additionally, it was stated that Flax Typhoon “has been operational since at least 2021, frequently targeting entities within critical infrastructure sectors in the U.S.,” and that Chinese cyber actors persist in their efforts to penetrate U.S. government systems, including the Treasury’s infrastructure.

Miller pointed out that the group has succeeded in infiltrating “corporations, universities, government entities, telecommunications firms, and media organizations” both in the United States and internationally.

As a result of the sanctions imposed on Friday, all properties and interests held by Integrity Technology in the U.S. will be frozen and need to be reported to the Treasury’s Office of Foreign Assets Control, according to the office’s announcement.

Transactions involving any property or interests of Integrity Technology in the U.S. are prohibited for American citizens. Financial institutions and others who breach these sanctions could face penalties themselves.

“The Treasury Department remains committed to holding accountable those malicious cyber actors and their facilitators for their actions,” stated Bradley T. Smith, Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence. “The United States will utilize all available resources to mitigate these threats while continuing our collaborative efforts to enhance cyber defenses in both public and private sectors.”

Actions taken against Flax Typhoon by multiple agencies demonstrate “our comprehensive governmental strategy to safeguard against PRC cyber threats aimed at Americans, our critical infrastructures, and those of our allies and partners,” Miller remarked.

“The United States will persist in employing all avenues at its disposal to protect U.S. critical infrastructure and the American populace from irresponsible and reckless cyber actors.”

Flax Typhoon, a cyber-espionage group, was named by Microsoft, which reported in August 2023 that the group, backed by the Chinese state, had been surveilling various organizations in Taiwan “for as long as possible.”

In September 2024, the U.S. Department of Justice announced that a law enforcement operation sanctioned by a court had dismantled Flax Typhoon’s botnet, comprised of 200,000 infected devices across the U.S. and globally.

Recently, the U.S. has also identified another Chinese hacking group, referred to as Salt Typhoon by Microsoft, which the White House stated has infiltrated nine U.S. telecom networks and has focused on high-profile government officials and politicians.

On December 10, the FBI reported that malware from Salt Typhoon, Flax Typhoon, and another Beijing-backed group, Volt Typhoon, was still embedded within certain U.S. systems.


