The United States Treasury Department has sanctioned Beijing-based Integrity Technology Group for its purported role in Chinese government-backed cyberattacks that targeted critical US infrastructure. The company also goes by the name Integrity Tech and was accused of participating in “multiple computer intrusion incidents against US victims” according to a Treasury Department statement released Friday.
The sanctions come in response to activities linked to a Chinese-sponsored hacking group nicknamed Flax Typhoon, which the Treasury says has been “known for frequently targeting organizations in US critical infrastructure sectors” since at least 2021.
The department emphasized that “Chinese malicious cyber actors continue to be one of the most active and most persistent threats to US national security.”
United States Sanctions Chinese Tech Firm Following Alleged State-Sponsored Hacking
What makes this round of sanctions timely is the fact that it follows closely on the heels of a recent Treasury announcement regarding a “major cybersecurity incident” in which Chinese state-sponsored hackers allegedly compromised workstations and accessed unclassified documents. The White House confirmed that President Biden has been briefed on the situation.
Beijing has rejected these allegations strongly, with Chinese foreign ministry spokesperson Mao Ning terming them “groundless” and accusing the US of “spreading false information about China for political purposes.”
The US State Department elaborated, revealing that Integrity Tech has ties to China’s Ministry of State Security. As they said in their statement, the hackers operating on behalf of the company were doing so “at the direction of the PRC government, targeting critical infrastructure in the United States and overseas.”
State Department spokesperson Matthew Miller was keen to highlight the coordination in the process stating that “these multi-agency efforts reflect our whole-of-government approach to protecting and defending against PRC cyber threats to Americans, our critical systems, and those of our allies and partners.”
Sanctions followed an operation by the US Department of Justice in September aimed at disrupting a massive botnet comprising over 200,000 infected consumer devices worldwide.
US Accuses Chinese Firm of Enabling Cyberespionage
According to the FBI, Integrity Tech is the manager of those compromised devices which allegedly supported the malicious cyber activities of Flax Typhoon.
The Treasury Department stated that Flax Typhoon leveraged Integrity Tech’s infrastructure to reach computer networks stretching across continents, taking a special “focus on Taiwan.” Apparently, between the summer of 2022 and the autumn of 2023, the group accessed multiple US and European entities, including a significant breach of multiple servers and workstations at a California-based organization in the summer of 2023.
Bradley Smith, the acting undersecretary for terrorism and financial intelligence at Treasury, said the US is committed to addressing these threats, adding that “the United States will use all available tools to disrupt these threats as we continue working collaboratively to harden public and private sector cyber defenses.”
In 2010, Integrity Tech described itself as China and Beyond’s cutting-edge technology research network security service provider. Its headquarters is in Beijing, and there are four regional offices, one in Hong Kong. The firm’s clients come from the finance, telecommunications, government, military, and energy sectors. Despite sending multiple emails, attempts to comment from Integrity Tech were unsuccessful because all remained unanswered.
These developments outline ongoing disputes between the United States and China within the cyber domain that increasingly focus on protecting critical infrastructure from state-sponsored cyber attacks.
