The U.S. Treasury Department has imposed sanctions on Beijing-based cybersecurity company Integrity Tech, citing its role in cyberattacks orchestrated by the Chinese state-sponsored hacking group Flax Typhoon.

According to the Treasury’s Office of Foreign Assets Control (OFAC), Integrity Tech’s infrastructure was used to facilitate cyberattacks targeting networks in Europe and the United States for over a year, beginning in the summer of 2022.

“Between summer 2022 and fall 2023, Flax Typhoon leveraged infrastructure linked to Integrity Tech to carry out computer network exploitation activities against multiple victims. During this period, the group routinely transmitted and received information via Integrity Tech systems,” OFAC stated.

The hackers exploited virtual private network (VPN) software and remote desktop protocols to infiltrate systems. In mid-2023, they compromised several servers and workstations at a California-based organization, highlighting the group’s ability to target critical infrastructure.

These sanctions come after a September 2024 operation authorized by U.S. courts to dismantle a botnet known as “Raptor Train.” This network, controlled by Integrity Tech (also referred to as Yongxin Zhicheng), included hundreds of thousands of compromised devices worldwide. The botnet was used for distributed denial-of-service (DDoS) attacks and served as a proxy for stealthy cyber intrusions targeting industries like government, telecommunications, defense, and education, focusing on U.S. and Taiwanese entities.

Over four years of activity, starting in May 2020, Raptor Train evolved into a sophisticated, multi-layered network. It infected more than 260,000 devices, including routers, modems, IP cameras, network-attached storage (NAS) servers, and other hardware, making it a powerful tool for cyber espionage.

“Integrity Tech is a significant contractor for the Chinese government, with ties to the Ministry of State Security. It works closely with State Security and Public Security Bureaus at various levels, as well as other government cybersecurity contractors,” the State Department revealed.

The department also confirmed that hackers associated with Integrity Tech, identified in the private sector as “Flax Typhoon,” acted under the direction of the Chinese government, targeting critical U.S. and international infrastructure.

The sanctions prohibit U.S. individuals and organizations from conducting business with Integrity Tech, freeze any U.S.-based assets linked to the company, and impose penalties on foreign entities engaging in transactions with the sanctioned firm.

In a related development, the Treasury Department disclosed earlier this week that unknown Chinese state-sponsored hackers had breached its network. The attackers appeared to focus on gathering intelligence from OFAC, likely to anticipate future sanctions against Chinese individuals and organizations.

Additionally, another Chinese-backed group, referred to as “Salt Typhoon,” has been implicated in breaches affecting nine major U.S. telecom companies, including Verizon, AT&T, and Lumen, further underscoring the broad scope of cyber threats originating from state-sponsored entities in China.