US Sanctions Chinese Firm Linked to Flax Typhoon Cyberattacks
In a decisive move to counter cyber threats, the United States has imposed sanctions on Beijing-based cybersecurity company Integrity Technology Group, also known as Yongxin Zhicheng Technology Group. The firm is accused of supporting the state-sponsored hacking group "Flax Typhoon" in conducting cyberattacks against U.S. critical infrastructure.
Background on Flax Typhoon
Active since at least 2021, Flax Typhoon has targeted organizations across various sectors, including government agencies, telecommunications providers, and media organizations. The group exploits known vulnerabilities to gain initial access and uses legitimate remote access tools to maintain persistent, long-term access within compromised networks. Its operations have extended beyond the United States, affecting entities in North America, Europe, Africa, and Asia, with a particular focus on Taiwan.
Details of the Sanctions
On January 3, 2025, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) announced sanctions against Integrity Technology Group. These measures block the company's access to U.S. property and financial systems, effectively prohibiting American individuals and entities from conducting business with the firm. The sanctions aim to disrupt the support network enabling Flax Typhoon's cyber activities.
Evidence Linking Integrity Technology Group
According to U.S. authorities, between summer 2022 and fall 2023, Flax Typhoon utilized infrastructure tied to Integrity Technology Group to conduct cyber intrusions. The group routinely exchanged information through the company's systems, facilitating unauthorized access to multiple U.S. and European entities. Notably, in the summer of 2023, Flax Typhoon compromised several servers and workstations at a California-based organization.
Disruption of Flax Typhoon's Botnet
In September 2024, the Federal Bureau of Investigation (FBI) and partner agencies dismantled a massive botnet operated by Flax Typhoon. This botnet comprised over 260,000 compromised devices, including routers, network-attached storage devices, and IP cameras. Integrity Technology Group was identified as having controlled and managed the botnet since mid-2021, using it to route malicious traffic, launch distributed denial-of-service (DDoS) attacks, and deliver other malware.
China's Response
The Chinese government has criticized the U.S. sanctions, labeling them as baseless and defamatory. China's Foreign Ministry spokesperson stated that the country has consistently cracked down on cyberattacks and accused the U.S. of using the issue to "defame and smear China." Integrity Technology Group also denied the allegations, asserting that the sanctions lack factual basis and will not impact its business operations, as it does not operate within the United States.
Implications and Future Outlook
This action underscores the United States' commitment to combating cyber threats and holding malicious cyber actors accountable. By targeting entities that provide support to hacking groups like Flax Typhoon, the U.S. aims to disrupt the infrastructure enabling such operations. The sanctions serve as a warning to other organizations that may be complicit in cyber espionage activities, emphasizing the potential consequences of facilitating state-sponsored hacking campaigns.
Conclusion
The imposition of sanctions on Integrity Technology Group represents a significant step in the ongoing efforts to safeguard U.S. critical infrastructure from cyber threats. As cyber espionage tactics continue to evolve, coordinated actions and international cooperation remain essential in addressing the challenges posed by state-sponsored hacking groups.