US Sanctions Chinese Cybersecurity Company Over State-Backed Hacking Campaigns

Integrity Technology Group, Incorporated, a cybersecurity firm based in Beijing, was sanctioned by the U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Friday for planning multiple cyberattacks against victims in the United States. The attacks have been publicly attributed to the Chinese state-sponsored threat actor Flax Typhoon, also known as Ethereal Panda or RedJuliett. Last year, it was revealed to be running the Raptor Train Internet of Things (IoT) botnet.

The hacking team has been active since at least the middle of 2021, targeting several organizations in North America, Europe, Africa, and Asia. Flax Typhoon attacks have generally used well-known flaws to obtain initial access to victims' machines, followed by the use of legitimate remote access software to sustain ongoing access. According to the Treasury Department, Chinese malicious cyber actors, who frequently attack U.S. government systems, including those connected to the federal agency, are one of the "most active and most persistent threats to U.S. national security."

Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith declared, "The Treasury Department will not hesitate to hold malicious cyber actors and their enablers accountable for their actions." "The United States will use all available tools to disrupt these threats as we continue working collaboratively to harden public and private sector cyber defenses."

The U.S. Department of State has classified Integrity Group, also known as Yongxin Zhicheng, as a government contractor with connections to the People's Republic of China (PRC) Ministry of State Security. Integrity Group has been accused of providing infrastructure support to Flax Typhoon's cyber campaigns between mid-2022 and late 2023. It was founded in September 2010.

"It provides services to country and municipal State Security and Public Security Bureaus, as well as other PRC cybersecurity government contractors," stated the State Department.

"'Flax Typhoon' hackers have successfully targeted multiple U.S. and foreign corporations, universities, government agencies, telecommunications providers, and media organizations."