The United States sanctioned a Chinese cybersecurity company on Friday over its role in the hacking of U.S. computer systems by China-backed cyber espionage group Flax Typhoon.
The Treasury said that Flax Typhoon actors used infrastructure tied to Integrity Tech during the group’s hacking campaign between the summer of 2022 and the fall of 2023, routinely sending and receiving information from the infrastructure.
U.S. persons are banned from having transactions that involve any such property or interests in property. Financial institutions and others in violation of the sanctions could get sanctioned themselves.
“The Treasury Department will not hesitate to hold malicious cyber actors and their enablers accountable for their actions,” said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith. “The United States will use all available tools to disrupt these threats as we continue working collaboratively to harden public and private sector cyber defenses.”
Multi-agency actions against Flax Typhoon “reflect our whole-of-government approach to protecting and defending against PRC cyber threats to Americans, our critical systems, and those of our allies and partners,” said Miller, using the official acronym of the Chinese regime under the Chinese Communist Party, the People’s Republic of China.
“The United States will continue to use all the tools at its disposal to safeguard U.S. critical infrastructure and the American people from irresponsible and reckless cyber actors.”
According to the department, Flax Typhoon actors used malware to infect cameras, digital video recorders, routers, and many other consumer devices.
An investigation by the FBI found that the group had managed to compromise “corporations, universities, government agencies, telecommunications providers, and media organizations” in the United States and elsewhere, the DOJ said.
The DOJ said the court-authorized operation was able to destroy the botnet despite the hackers’ attempt to prevent the FBI’s actions.
In recent months, the United States has identified another Chinese hacking group, dubbed by Microsoft as Salt Typhoon, which the White House said has compromised nine U.S. telecom networks and targeted high-profile government officials and politicians.
On Dec. 10, the FBI said malware from Salt Typhoon, Flax Typhoon, and a third Beijing-backed group Volt Typhoon, were still embedded in some U.S. systems.
On Dec. 29, AT&T and Verizon confirmed that they were among the telecommunications companies targeted by Salt Typhoon, with a small number of high-profile customers being the focus of the target. The two companies said they believe their networks have since been secured.
