On Friday, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) took decisive action by imposing sanctions on Integrity Technology Group, Incorporated, a cybersecurity firm based in Beijing. The firm has been implicated in orchestrating a series of cyber attacks that target U.S. entities.

These cyber assaults have been linked to a Chinese state-sponsored actor known as Flax Typhoon, also referred to as Ethereal Panda or RedJuliett. This group is understood to be responsible for deploying an Internet of Things (IoT) botnet named Raptor Train, with activity traced back to mid-2021. Their operations have impacted diverse targets across North America, Europe, Africa, and Asia.

Flax Typhoon typically exploits known vulnerabilities to achieve initial access to victim systems, then uses legitimate remote access software to maintain ongoing control. Such behavior suggests that tactics catalogued in the MITRE ATT&CK framework, including initial access, persistence, and privilege escalation, are likely at play in these incidents.

The Treasury Department reiterated the significant threat posed by Chinese cyber actors, characterizing them as among the “most active and persistent threats to U.S. national security.” They have repeatedly targeted vital government systems, including those connected to various federal agencies.

Integrity Technology Group, also known as Yongxin Zhicheng, has been accused of facilitating Flax Typhoon’s cyber operations by providing essential infrastructure support from mid-2022 through late 2023. The U.S. Department of State has categorized it as a contractor affiliated with the People’s Republic of China (PRC) Ministry of State Security since its establishment in September 2010.

The organization reportedly offers services to various state security and public safety bureaus in China, along with other government contractors involved in cybersecurity. Evidence suggests that Flax Typhoon has successfully targeted numerous U.S. and international corporations, academic institutions, government agencies, telecommunications providers, and media outlets.

In response to the ongoing threat landscape, Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence, Bradley T. Smith, emphasized the commitment of the Treasury Department to hold accountable those engaging in malicious cyber activities. He stated, “The United States will use all available tools to disrupt these threats, while collaborating to strengthen cyber defenses across the public and private sectors.”

The escalation of cyber threats from state-sponsored actors demands vigilant attention from U.S. businesses and organizations. As the cyber landscape evolves, companies must adopt proactive security measures and foster resilience against the persistent risks posed by entities like Flax Typhoon.
