In a significant move aimed at countering the persistent threat of state-sponsored cyber attacks, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has issued sanctions against Integrity Technology Group, Incorporated. This Beijing-based cybersecurity firm, also known as Yongxin Zhicheng, has been implicated in activities connected with the Chinese hacking group Flax Typhoon. Operating since mid-2021, Flax Typhoon has been targeting a slew of entities across North America, Europe, Africa, and Asia. The group exploits known vulnerabilities and leverages an IoT botnet called Raptor Train to infiltrate systems and employ legitimate remote access software for maintaining persistence.
The Treasury Department singled out Chinese cyber actors as substantial and ongoing threats to U.S. national security. These malicious actors are frequently found attacking U.S. government systems, including those used by federal agencies. Bradley T. Smith, Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence, underscored the Department’s resolve to hold these cyber actors accountable. He also emphasized the Treasury’s dedication to disrupting these threats and safeguarding national security from persistent cyber attacks.
From mid-2022 to late-2023, the Integrity Group was found providing crucial infrastructure support for Flax Typhoon’s operations. The U.S. Department of State has identified Integrity Group as a government contractor with ties to the PRC’s Ministry of State Security. The cybersecurity firm, founded in September 2010, has a history of working with state security and public security bureaus in China, and it collaborates with other governmental cybersecurity contractors. This relationship underscores the concerning merger between state-sponsored hacking efforts and ostensibly legitimate cybersecurity firms.
Flax Typhoon’s breaches have compromised a diverse range of organizations, including U.S. and foreign corporations, universities, government agencies, telecommunications providers, and media organizations. This breach record highlights the sophistication and sustained nature of these state-backed cyber threats. The increasing frequency and complexity of these attacks have prompted the U.S. government to prioritize collaborative efforts to bolster cyber defenses. Strengthening cybersecurity measures and implementing strategic sanctions are seen as critical steps to countering these enduring threats effectively.