The U.S. Treasury Department has imposed sanctions on Integrity Tech, a Beijing-based cybersecurity company, for its role in facilitating cyberattacks by the Chinese state-sponsored Flax Typhoon hacking group. The company’s infrastructure was used to target networks across Europe and the United States between summer 2022 and fall 2023.
The sanctions follow the discovery of “Raptor Train,” a massive botnet controlled by Integrity Tech that infected over 260,000 networking devices worldwide. This network, operational since May 2020, targeted critical sectors including military, government, education, telecommunications, and defense industries, primarily in the U.S. and Taiwan.
Key Developments:
– Integrity Tech, a contractor for China’s Ministry of State Security, provided services to various state security bureaus
– The botnet compromised multiple devices, including routers, cameras, and storage servers
– U.S. organizations are now prohibited from conducting transactions with Integrity Tech
– All U.S.-based assets associated with the company will be frozen
Recent investigations revealed that Chinese government hackers had also breached the Treasury Department’s network, specifically targeting the OFAC department. Additionally, another Chinese state-backed group, “Salt Typhoon,” has been linked to breaches affecting major U.S. telecommunications companies including Verizon, AT&T, and Lumen.
These actions represent a significant escalation in cybersecurity measures against state-sponsored cyber threats and highlight growing concerns about Chinese cyber operations targeting U.S. infrastructure.