The United States has announced new sanctions targeting a Chinese cybersecurity firm over accusations that the company is facilitating state-sponsored hacking activities on behalf of the Chinese government.
Some shit you should know before you read: Over the last decade, China has relied heavily on state-sponsored independent entities to conduct cyber-espionage and hacking campaigns, allowing the Chinese government to deny direct involvement and minimize political fallout. These proxy organizations, often cybersecurity firms or state-affiliated groups, act under the direction of Beijing’s intelligence apparatus to target critical infrastructure, government agencies, and private companies worldwide. A recent example includes the breach of the US Treasury Department’s systems by Chinese state-sponsored actors, where hackers accessed sensitive unclassified documents, including information tied to the Treasury’s sanctions office.
What’s going on now: In an announcement, the Treasury Department revealed new sanctions against Integrity Technology Group, a Beijing-based cybersecurity firm, accusing it of facilitating cyber-espionage activities tied to the Chinese hacking group Flax Typhoon. The sanctions block all property and interests of Integrity Tech within the United States and mandate their disclosure to the Office of Foreign Assets Control (OFAC). Treasury officials claim that Integrity Tech has supported Flax Typhoon’s operations by providing infrastructure and resources essential to its cyber campaigns. This state-sponsored group, active since at least 2021, has targeted critical infrastructure, government entities, and private organizations in the United States and abroad.
Flax Typhoon operates by exploiting publicly known software vulnerabilities to gain initial access to networks and then uses legitimate remote desktop protocols to maintain that access, allowing prolonged data extraction and surveillance. The group has used a botnet of over 260,000 devices, managed with Integrity Tech’s infrastructure, to conceal its activities and facilitate its cyber intrusions. Between 2022 and 2023, Flax Typhoon actors accessed numerous servers and workstations linked to US and European entities, using this infrastructure to compromise sensitive data.
US officials react: In a statement, Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith said, “The Treasury Department will not hesitate to hold malicious cyber actors and their enablers accountable for their actions. The United States will use all available tools to disrupt these threats as we continue working collaboratively to harden public and private sector cyber defenses.”