U.S. Treasury Sanctions Beijing-Based Cybersecurity Company for Cyber Attacks
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has announced sanctions against Integrity Technology Group, Incorporated, a Beijing-based cybersecurity company. The company is accused of orchestrating multiple cyberattacks against U.S. entities. These incidents have been attributed to a Chinese state-sponsored threat actor known as Flax Typhoon (also referred to as Ethereal Panda or RedJuliett).
Flax Typhoon has been implicated in various cyber operations targeting organizations worldwide, utilizing advanced tactics to exploit vulnerabilities and maintain persistent access to victim systems.
Background on Flax Typhoon
Flax Typhoon has been active since at least mid-2021. The group has focused on compromising entities across diverse sectors in North America, Europe, Africa, and Asia. Notably, their operations include:
Initial Access: Exploiting known vulnerabilities to infiltrate targeted systems.
Persistence: Using legitimate remote access software to maintain long-term access.
IoT Botnet Operations: The group gained notoriety for operating Raptor Train, an Internet of Things (IoT) botnet revealed last year.
These techniques have enabled Flax Typhoon to breach systems belonging to corporations, universities, government agencies, telecommunications providers, and media organizations.
Role of Integrity Technology Group
The sanctions highlight the role of Integrity Technology Group, also known as Yongxin Zhicheng, in supporting Flax Typhoon's cyber campaigns. The U.S. Treasury Department described the company as a critical enabler of Chinese state-sponsored cyber activities, accusing it of providing infrastructure support to Flax Typhoon between mid-2022 and late 2023.
Ties to the Chinese Government
Integrity Technology Group has been classified as a government contractor linked to the People’s Republic of China (PRC) Ministry of State Security.
Established in September 2010, the company offers services to various state and municipal security bureaus, as well as other PRC cybersecurity contractors.
U.S. Treasury Statement
"The Treasury Department will not hesitate to hold malicious cyber actors and their enablers accountable for their actions," said Bradley T. Smith, Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence. "The United States will use all available tools to disrupt these threats as we continue working collaboratively to harden public and private sector cyber defenses."
U.S. Government’s Response
Chinese cyber actors have been described by the Treasury Department as one of the "most active and persistent threats to U.S. national security." These actors have targeted U.S. government systems, including those associated with federal agencies.
The sanctions against Integrity Technology Group are part of broader efforts to address these threats. The measures aim to:
Disrupt Infrastructure Support: Limit the ability of Integrity Technology Group and its affiliates to assist state-sponsored cyber campaigns.
Deter Future Activities: Signal the U.S. government’s commitment to countering cyber threats through economic and diplomatic tools.
Protect National Security: Encourage collaboration between public and private sectors to bolster cybersecurity defenses.
Conclusion
The actions against Integrity Technology Group reflect the U.S. government's intensified focus on combating cyber threats from Chinese state-sponsored actors. By targeting entities that support malicious operations like those of Flax Typhoon, the U.S. Treasury seeks to disrupt sophisticated cyber campaigns and safeguard critical infrastructure.
The sanctions serve as a reminder of the global nature of cybersecurity threats and the importance of international cooperation to counter malicious actors. As cyber threats continue to evolve, robust defenses and coordinated responses will remain key to protecting national and global security.