The United States sanctioned a Chinese cybersecurity company on Jan. 3 over its role in the hacking of U.S. computer systems by China-backed cyber espionage group Flax Typhoon.
The Treasury stated that Flax Typhoon actors used infrastructure tied to Integrity Technology during the group’s hacking campaign between summer 2022 and fall 2023, routinely sending and receiving information from the infrastructure.
U.S. persons are banned from having transactions that involve any such property or interests in property. Financial institutions and others in violation of the sanctions could get sanctioned themselves.
“The Treasury Department will not hesitate to hold malicious cyber actors and their enablers accountable for their actions,” said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith. “The United States will use all available tools to disrupt these threats as we continue working collaboratively to harden public and private sector cyber defenses.”
Multiagency actions against Flax Typhoon reflect the “whole-of-government approach to protecting and defending against PRC cyber threats to Americans, our critical systems, and those of our allies and partners,” Miller said, using the abbreviation of the official name of the Chinese regime under the Chinese Communist Party, the People’s Republic of China.
“The United States will continue to use all the tools at its disposal to safeguard U.S. critical infrastructure and the American people from irresponsible and reckless cyber actors,” he said.
According to the department, Flax Typhoon actors used malware to infect cameras, digital video recorders, routers, and many other consumer devices.
An investigation by the FBI found that the group had managed to compromise “corporations, universities, government agencies, telecommunications providers, and media organizations” in the United States and elsewhere, the DOJ stated.
According to the DOJ, the court-authorized operation was able to destroy the botnet despite the hackers’ attempt to prevent the FBI’s actions.
In recent months, the United States has identified another Chinese hacking group, dubbed by Microsoft as Salt Typhoon, which the White House stated has compromised nine U.S. telecom networks and targeted high-profile government officials and politicians.
On Dec. 10, the FBI stated that malware from Salt Typhoon, Flax Typhoon, and a third Beijing-backed group Volt Typhoon were still embedded in some U.S. systems.
On Dec. 29, AT&T and Verizon confirmed that they were among the telecommunications companies targeted by Salt Typhoon, with a small number of high-profile customers being the focus of the target. The two companies stated that they believe their networks have since been secured.
