US Department of Treasury Sanctions Beijing Cybersecurity Company for Role in Chinese Cyberespionage
Integrity Technology Group Accused of Providing Infrastructure for Flax Typhoon’s Operations
The US Department of Treasury’s Office of Foreign Assets Control (OFAC) has issued sanctions against a Beijing cybersecurity company, Integrity Technology Group (Integrity Tech), for its role in attacks attributed to a Chinese cyberespionage group known as Flax Typhoon.
Integrity Tech is accused of providing the computer infrastructure that Flax Typhoon used in its operations between summer 2022 and fall 2023. The company also maintained the command-and-control infrastructure for a botnet consisting of more than 260,000 compromised IoT devices.
Flax Typhoon’s Botnet
Flax Typhoon’s botnet dates back to at least 2021 and is based on Mirai, a family of malware for Linux-based IoT devices. The botnet uses known exploits to compromise routers, firewalls, IP cameras, digital video recorders, network-attached storage devices, and other Linux-based servers.
As of June, the botnet had over 260,000 active nodes, but the database on its command-and-control servers listed over 1.2 million compromised devices, including 385,000 based in the US. The botnet can be used to launch DDoS attacks, and nodes can also be commanded to exploit other traditional devices on the same networks.
Flax Typhoon’s Tactics
Flax Typhoon’s hackers often deploy legitimate remote access programs to maintain persistent control once they gain access to a network of interest. The group has compromised computer networks in North America, Europe, Africa, and Asia, with a particular focus on Taiwan, which is at the center of China’s geopolitical interests.
Sanctions and Impact
OFAC’s sanctions block all of Integrity Tech’s assets that are in the US or in control of US persons. The assets of entities in which Integrity Tech has over 50% ownership are also blocked, and all individuals and organizations are prohibited from engaging in commercial or financial transactions with those entities or with Integrity Tech itself.
Conclusion
The sanctions against Integrity Technology Group highlight the ongoing threat posed by Chinese cyberespionage groups and the importance of taking action to prevent and disrupt their activities. The US Department of Treasury’s action demonstrates its commitment to protecting US national security and preventing the misuse of US financial systems.
FAQs
- What is Flax Typhoon? Flax Typhoon is a Chinese cyberespionage group active since 2021 and also known as RedJuliett and Ethereal Panda.
- What is Integrity Technology Group? Integrity Technology Group is a Beijing cybersecurity company accused of providing infrastructure for Flax Typhoon’s operations.
- What is the significance of the sanctions against Integrity Technology Group? The sanctions block all of Integrity Tech’s assets in the US or in control of US persons and prohibit commercial or financial transactions with the company or with entities in which it has over 50% ownership.
- What is the impact of the botnet on US organizations? The botnet can be used to launch DDoS attacks and compromise traditional devices on the same networks, posing a threat to US organizations and critical infrastructure.
- What is the significance of the US Department of Treasury’s action? The action demonstrates the US Department of Treasury’s commitment to protecting US national security and preventing the misuse of US financial systems.