Chinese Tech Company Sanctioned For Support Of Malicious Cyber Group

Chinese malicious cyber actors continue to be one of the most active and persistent threats to U.S. national security, recently targeting the Treasury Department’s IT infrastructure.

The Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned Integrity Technology Group, Incorporated, a Beijing-based cybersecurity company, for its role in multiple computer intrusion incidents against U.S. victims. These incidents have been publicly attributed to Flax Typhoon, a Chinese malicious state-sponsored cyber group that has been active since at least 2021, often targeting organizations within U.S. critical infrastructure sectors.

Chinese malicious cyber actors continue to be one of the most active and most persistent threats to U.S. national security, as highlighted in the most recent Office of the Director of National Intelligence Annual Threat Assessment. These actors continue to target U.S. government systems as part of their efforts, including the recent targeting of Treasury’s own IT infrastructure.

Malicious Cyber Group
(Image: Adobe Stock / Generated with AI by Space Priest)

“The Treasury Department will not hesitate to hold malicious cyber actors and their enablers accountable for their actions,” said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith. “The United States will use all available tools to disrupt these threats as we continue working collaboratively to harden public and private sector cyber defenses.”

On September 18, 2024, the Federal Bureau of Investigation, in coordination with the Cyber National Mission Force, National Security Agency, and Five Eye partners, published a joint cybersecurity advisory that highlights the tactics, techniques, and procedures of Flax Typhoon, as well as Integrity Tech’s role in supporting its malicious cyber activities.

Flax Typhoon: A State-Sponsored Malicious Cyber Group

Flax Typhoon is a state-sponsored Chinese malicious cyber group that has been active since at least 2021, targeting organizations within U.S. critical infrastructure sectors. Flax Typhoon has compromised computer networks in North America, Europe, Africa, and across Asia, with a particular focus on Taiwan. Flax Typhoon exploits publicly known vulnerabilities to gain initial access to victims’ computers and then leverages legitimate remote access software to maintain persistent control over their network. Flax Typhoon has targeted victims within a wide range of industries.

Between summer 2022 and fall 2023, Flax Typhoon actors accessed several hosts associated with U.S. and European entities. The actors maliciously used virtual private network software and remote desktop protocols to facilitate this access. In summer 2023, Flax Typhoon compromised multiple servers and workstations at a California-based entity.

Integrity Tech Support To Flax Typhoon

Between summer 2022 and fall 2023, Flax Typhoon actors used infrastructure tied to Integrity Tech during their computer network exploitation activities against multiple victims. During that time, Flax Typhoon routinely sent and received information from Integrity Tech infrastructure.

OFAC is designating Integrity Tech pursuant to Executive Order (E.O.) 13694, as amended by E.O. 13757, for being responsible for or complicit in, or having engaged in, directly or indirectly cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States that are reasonably likely to result in, or have materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States and that have the purpose or effect of harming, or otherwise significantly compromising the provision of services by, a computer or network of computers that support one or more entities in a critical infrastructure sector.

Sanctions Implications

As a result of this action, all property and interests in property of the designated entity described above that are in the United States or in the possession or control of U.S. persons are blocked and must be reported to OFAC. In addition, any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked. Unless authorized by a general or specific license issued by OFAC, or exempt, OFAC’s regulations generally prohibit all transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of designated or otherwise blocked persons.

In addition, financial institutions and other persons that engage in certain transactions or activities with the sanctioned entities and individuals may expose themselves to sanctions or be subject to an enforcement action. The prohibitions include the making of any contribution or provision of funds, goods, or services by, to, or for the benefit of any designated person, or the receipt of any contribution or provision of funds, goods, or services from any such person.

Read more cybersecurity and business resiliency news on Continuity Insights.

Business Continuity, Cyber, Enterprise Risk, Featured, Security, Technology

China, Critical Infrastructure, Cybersecurity, Department of the Treasury, Flax Typhoon, Integrity Technology Group, Malicious Cyber Group, Office of Foreign Assets Control (OFAC), Sanctions, Tech Company, United States

Sponsored Content
Featured Video

Webinars, Podcasts & Videos

Business Continuity Webinar

Did You Miss Our Latest Business Continuity Webinar?

It's not too late! You can still watch the “Business Continuity Exercise Planning and Facilitation Techniques To Start Now” video webinar.

facility resilience webinar

From Prevention To Action: The Role Of Facilities Management In Handling Emergencies And Maintenance

This free webinar on facility resilience will provide actionable strategies to safeguard assets, protect lives, and ensure operational continuity.

adaptive decision-making

Listen Now: Decision-Making During A Crisis

Robert C. Chandler, Ph.D, Founder and Principal of Emperiria discusses his research on adaptive decision-making in this podcast.

Receive the latest articles in your inbox

Share to...