US Sanctions Related to Chinese Companies Involved in “Flax Typhoon” Hacker Attacks

The US Treasury Department announced on Friday that it has implemented new sanctions on Integrity Technology Group, Incorporated (Integrity Tech), a Chinese cybersecurity technology company accused by Western officials of being the mastermind behind a large Chinese hacker group known as “Flax Typhoon.”

Last year, FBI Director Christopher Wray spoke at a cybersecurity conference, alleging that Integrity Technology Group, based in Beijing, masquerades as an IT company while secretly collecting intelligence for the Chinese government’s security apparatus. Chinese officials denied the accusations, criticizing the US and its allies for making unfounded claims against China.

According to the US Treasury Department’s press release, Integrity Tech played a role in multiple computer intrusion incidents targeting American victims.

The press release described “Flax Typhoon” as a Chinese state-sponsored malicious cyber group active since at least 2021. The group targets critical infrastructure sectors in the US, exploiting vulnerabilities to gain initial access to victims’ computers and then maintaining control over their networks using legitimate remote access software.

Examples of Integrity Tech’s support for “Flax Typhoon” were disclosed in the press release, including instances where the hackers used infrastructure related to Integrity Tech during cyber attacks against multiple victims between the summer of 2022 and the fall of 2023.

The Treasury Department’s Office of Foreign Assets Control (OFAC) designated Integrity Tech for directly or indirectly engaging in, supporting, or participating in cyber activities initiated or directed by individuals outside the US, which pose significant threats to US national security, foreign policy, economic health, or financial stability.

All assets and property interests associated with Integrity Tech that are within the US, or owned or controlled by Americans, have been frozen and must be reported to OFAC. Transactions involving designated or restricted individuals or their property interests in the US are generally prohibited unless authorized by OFAC.

Financial institutions and individuals engaging in certain transactions or activities with sanctioned entities or individuals may face sanctions or enforcement actions. Prohibitions include providing funds, goods, or services to designated persons, receiving funds, goods, or services from them, or dealing with their property or interests.

The press release emphasized that malicious cyber actors from China remain one of the most active and persistent threats to US national security, targeting US government systems, including recent attacks on the Treasury Department’s own IT infrastructure.

Bradley T. Smith, Deputy Assistant Secretary of the Treasury responsible for terrorism and financial intelligence, stated that the Treasury Department will hold malicious cyber actors and their supporters accountable. The US will use all available tools to eliminate these threats and continue collaborating to strengthen cybersecurity defense in the public and private sectors.