We support our Publishers and Content Creators. You can view this story on their website by CLICKING HERE.

Flax Typhoon, which had a botnet of 200,000 devices worldwide, was operating from Integrity Technology’s infrastructure, the Treasury said.

The United States sanctioned a Chinese cybersecurity company on Friday over its role in the hacking of U.S. computer systems by state-backed cyber espionage group Flax Typhoon.

The company, Beijing-based Integrity Technology Group Inc., is a state contractor linked to the Chinese regime’s Ministry of State Security, according to a statement by U.S. State Department spokesperson Matthew Miller.

The Treasury said that Flax Typhoon actors used infrastructure tied to Integrity Tech during the group’s hacking campaign between the summer of 2000 and the fall of 2023, routinely sending and receiving information from the infrastructure.

It also said Flax Typhoon “has been active since at least 2021, often targeting organizations within U.S. critical infrastructure sectors,” and that Chinese cyber actors continue to target U.S. government systems, including the Treasury’s infrastructure.

Miller said the group has managed to compromise “corporations, universities, government agencies, telecommunications providers, and media organizations” in the United States and elsewhere.

Friday’s sanctions mean all Integrity Technology’s property and interests in property in the United States will be blocked and must be reported to the Treasury’s Office of Foreign Assets Control, the office said.

Related Stories

Telecom Providers Say Networks Are Secure Following Chinese Salt Typhoon Hack
Security Experts Call for Stronger US Response to Counter China’s Cyber Espionage

U.S. persons are banned from having transactions that involve any such property or interests in property. Financial institutions and others in violation of the sanctions could get sanctioned themselves.

“The Treasury Department will not hesitate to hold malicious cyber actors and their enablers accountable for their actions,” said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith. “The United States will use all available tools to disrupt these threats as we continue working collaboratively to harden public and private sector cyber defenses.”

Multi-agency actions against Flax Typhoon “reflect our whole-of-government approach to protecting and defending against PRC cyber threats to Americans, our critical systems, and those of our allies and partners,” Miller said.

“The United States will continue to use all the tools at its disposal to safeguard U.S. critical infrastructure and the American people from irresponsible and reckless cyber actors.”

The cyber-espionage group was dubbed Flax Typhoon by Microsoft, which said in August 2023 that the Chinese state-backed group had spied on organizations “across a broad range of industries” in Taiwan “for as long as possible.”
In September 2024, the U.S. Department of Justice said a court-authorized law enforcement operation had disrupted Flax Typhoon’s botnet, which consisted of 200,000 infected devices in the United States and worldwide.
In recent months, the United States has identified another Chinese hacking group, dubbed by Microsoft as Salt Typhoon, which the White House said has compromised nine U.S. telecom networks and targeted high-profile government officials and politicians.
On Dec. 10, the FBI said malware from Salt Typhoon, Flax Typhoon, and a third Beijing-backed group, Volt Typhoon, were still embedded in some U.S. systems.