US Sanctions Chinese Firm Linked to Flax Typhoon Attacks on Critical Infrastructure

The US Treasury has sanctioned Chinese company Integrity Technology for supporting state-sponsored group Flax Typhoon in hacking US critical infrastructure.

The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) has announced sanctions against a Chinese technology company for supporting cyberattacks against US critical infrastructure.

Based in Beijing, the sanctioned firm, Integrity Technology Group (Integrity Tech), develops and sells cybersecurity products such as network simulation, network security training, and network security competition solutions.

According to the US Treasury, between summer 2022 and fall 2023, Integrity Tech infrastructure was used by the Chinese state-sponsored hacking group Flax Typhoon in cyberattacks against multiple victims.

“During that time, Flax Typhoon routinely sent and received information from Integrity Tech infrastructure,” the US Treasury says.

Active since at least 2021, Flax Typhoon has hit entities in North America, Europe, Africa, and Asia, with a focus on Taiwan, exploiting known vulnerabilities to hack computers and establishing persistent access to the compromised networks.

Flax Typhoon has been observed targeting organizations in various industries, including US critical infrastructure. Between summer 2022 and fall 2023, the threat actor used VPN and RDP solutions to access hosts associated with US and European entities.

“In summer 2023, Flax Typhoon compromised multiple servers and workstations at a California-based entity,” the US Treasury says.

In September 2024, the US government announced the disruption of Raptor Train, a Flax Typhoon-operated botnet that ensnared more than 260,000 routers, network-attached storage (NAS) devices, and IP cameras.

The botnet enabled Flax Typhoon to route traffic, launch distributed denial-of-service (DDoS) attacks, and deliver other malware, and had been used in attacks targeting military, government, higher education, telecommunications, and defense industrial base entities in the US and Taiwan.

In its description of the botnet, the US said that Integrity Tech had controlled and managed the botnet since mid-2021, using “China Unicom Beijing Province Network IP addresses”.

The same IP addresses were also used “to access other operational infrastructure employed in computer intrusion activities against US victims,” the US said.

OFAC is now designating Integrity Tech for its role in cyberattacks targeting US critical infrastructure and the potential threat posed to “national security, foreign policy, or economic health or financial stability of the United States”.

The designation results in Integrity Tech’s property located in the US being blocked and entities and individuals in the US being prohibited from engaging in certain transactions or activities with the Chinese company.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
