It seems that the breach of US telecommunications infrastructure from China is not the only problem facing the country’s authorities. Another group with ties to China, Flax Typhoon, is said to have tried to hack into government agencies to get secret information. Now, the US government has announced sanctions against the Integrity Technology Group for its links to Flax Typhoon.
Integrity Technology Group sanctioned by the US for links to Flax Typhoon
The US Treasury Department’s Office of Foreign Assets Control (OFAC) announced that the Beijing-based cybersecurity company was involved in “malicious cyber-enabled activities.” Flax Typhoon allegedly used a botnet with Integrity Technology Group’s tech to launch DDoS and stealthy attacks on multiple US and European organizations. Authorities were tracking the activity of the botnet under the “Raptor Train” codename.
There were more than 260,000 internet-connected devices in the malicious network. It included cameras, storage devices, and routers, among others. The campaign reportedly took place over a year—between mid-2022 and late-2023. The FBI dismantled the botnet in September 2024, although attackers compromised “multiple servers and workstations at a California-based entity.” The name of the affected organization is still secret.
“Between summer 2022 and fall 2023, Flax Typhoon actors used infrastructure tied to Integrity Tech during their computer network exploitation activities against multiple victims. During that time, Flax Typhoon routinely sent and received information from Integrity Tech infrastructure,” reads the OFAC statement.
Consequences of sanctions
As a result of the sanctions, US companies will not be able to do business with the Integrity Technology Group—also known as Yongxin Zhicheng. Organizations that violate the ban also face potential severe sanctions. Plus, the government will freeze any Integrity Technology Group’s assets in the country.
Attacks from China are currently “one of the most active and most persistent threats” to the United States, the Treasury statement said. The FBI is still working to address the Salt Typhoon group’s breach of US telecommunications. Additionally, the US Treasury’s sanctions office was the target of a hack last December. The hackers tried to steal classified data about Chinese companies that might face financial sanctions from the US, although they only managed to access declassified information.
2025-01-05 15:05:56