
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned Integrity Technology Group, Incorporated (Integrity Tech), a cybersecurity firm based in Beijing, for its involvement in a series of cyberattacks against U.S. targets. The attacks are attributed to Flax Typhoon, a Chinese state-sponsored cyber group believed to have been active since at least 2021, focusing primarily on U.S. critical infrastructure sectors.
According to OFAC, Integrity Tech played a crucial role in supporting the malicious cyber activities of Flax Typhoon between summer 2022 and fall 2023, providing infrastructure that the group used in its attacks on various global targets. These cyber intrusions often involved exploiting publicly known vulnerabilities to gain access to victims’ networks and maintaining control through legitimate remote access tools.
Flax Typhoon has been linked to numerous cyberattacks across the U.S., Europe, Asia, and Africa, with a particular focus on Taiwan. U.S. entities, including government systems and critical infrastructure, were notably targeted. The group’s activities have included the deployment of virtual private network (VPN) software and remote desktop protocols to facilitate their operations. In one instance, Flax Typhoon compromised servers and workstations at a California-based entity in the summer of 2023.
“The Treasury Department will not hesitate to hold malicious cyber actors and their enablers accountable for their actions,” said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence, Bradley T. Smith. “The United States will use all available tools to disrupt these threats as we continue working collaboratively to harden public and private sector cyber defenses.”
On September 18, 2024, a joint cybersecurity advisory published by the Federal Bureau of Investigation (FBI) and several U.S. intelligence agencies, including the Cyber National Mission Force, the National Security Agency, and Five Eyes partners, highlighted the methods and techniques used by Flax Typhoon, further outlining Integrity Tech’s role in facilitating these cyber operations.
As part of the sanctions, all property and assets tied to Integrity Tech in the United States are now blocked. U.S. persons and entities are prohibited from engaging in transactions with the company or any entity controlled by Integrity Tech. This includes the provision of funds, goods, or services, as well as receiving them from blocked individuals or entities. Financial institutions and other businesses engaging with the sanctioned company may also face sanctions or enforcement actions.
The U.S. government’s actions underscore the growing concern over the persistent threat posed by Chinese state-sponsored cyber actors, which continue to target and compromise critical infrastructure, threatening national security and economic stability. This sanction also aligns with broader efforts to strengthen cybersecurity defenses and counteract foreign influence in the digital domain.
In response to the latest sanctions, U.S. officials have emphasized their commitment to protecting critical infrastructure and holding accountable those who attempt to exploit vulnerabilities for malicious purposes. The ongoing investigation into these cyberattacks remains a priority as part of the broader fight against state-sponsored cyber threats.
During the prior year, in a statement to Reuters, the Chinese Embassy in Washington rejected U.S. conclusions, claiming that American authorities had “jumped to an unwarranted conclusion” and made “groundless accusations” against China. The embassy emphasized that Beijing takes a firm stance against all forms of cyberattacks.
Western bodies have raised growing concerns over a hacking group known as ‘Volt Typhoon’, which was first identified in 2023. The group is suspected of engaging in cyber sabotage aimed at gaining access to critical U.S. infrastructure. U.S. officials say the group is backed by China, while Beijing has dismissed the allegations, suggesting that ‘Volt Typhoon’ is merely a ransomware gang.
FBI Director Christopher Wray confirmed that an operation targeting ‘Flax Typhoon’, a related Chinese-backed group, took place as part of efforts to dismantle China’s botnets. Like ‘Volt Typhoon’, ‘Flax Typhoon’ has focused its cyberattacks on critical infrastructure, but its targets also include corporations, media outlets, universities, and government agencies. Wray explained that to obscure their activities, ‘Flax Typhoon’ routed their malicious traffic through a “botnet”—a network of hijacked devices, including cameras and digital storage devices.