Dive Brief:
- The Office of Foreign Assets Control has imposed sanctions on a Beijing-based cybersecurity company linked to the state-sponsored threat group, Flax Typhoon, the Department of Treasury said Friday.
- The agency said Integrity Technology Group Inc. has engaged in a series of malicious cyber activities against various critical infrastructure providers and other targets in the U.S. Between the summer of 2022 and fall 2023, Flax Typhoon engaged in exploitation activity using Integrity Technology infrastructure, according to U.S. officials.
- “The Treasury Department will not hesitate to hold malicious cyber actors and their enablers accountable for their actions,” said Acting Under Secretary for Terrorism and Financial Intelligence Bradley Smith, in a statement. “The United States will use all available tools to disrupt these threats as we continue working collaboratively to harden public and private sector cyber defenses.”
Dive Insight:
Flax Typhoon is one of several state-linked threat groups that have engaged in attacks against U.S. critical infrastructure in recent years. Officials said Flax Typhoon has been active since at least 2021, compromising computer networks in North America, Europe, Africa and Asia, with particular focus on Taiwan.
Officials said from 2022 to 2023, Flax Typhoon used VPN software and remote desktop protocols to help gain access to hosts in the U.S. and Europe. Flax Typhoon compromised servers and workstations at a California-based organization, according to officials.
According to the State Department, Flax Typhoon hackers have successfully targeted the U.S. government, telecommunications providers, media organizations and several American and foreign companies.
In September 2024, the FBI said it disrupted a botnet that compromised more than 260,000 devices worldwide in order to target critical infrastructure in the U.S. and other countries. The botnet, linked to Flax Typhoon, compromised small office/home office routers and other connected devices, exploiting them with a Mirai malware variant to target critical infrastructure for DDoS attacks and theft.
The FBI in September issued an international advisory with the Five Eyes intelligence partners highlighting the threat posed by Flax Typhoon. The advisory detailed the alleged role of Integrity Technology.
The U.S. in recent months has also been investigating a series of attacks from another China state-linked threat group called Salt Typhoon targeting the telecom industry.
Officials at the Foundation for Defense of Democracies said the sanctions are appropriate and the minimum the U.S. should be doing.
“Flax Typhoon is yet another successful [Chinese Communist Party] effort to use cyber tools to conduct espionage, intellectual property theft and preparation of the cyber battlefield to weaken U.S. national security and economic productivity,” Mark Montgomery, senior director of the Center on Cyber and Technology Innovation at FDD, said via email.
Montgomery said the CCP is launching a full-scale cyber campaign against the U.S. and the country is not prepared for the fight.