The US has imposed sanctions on Beijing-based Integrity Technology Group. The Flax Typhoon group, which is accused of carrying out cyber attacks on the country’s critical infrastructure on behalf of the state, used a botnet of more than 260,000 infected devices worldwide to carry out the attacks.
The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced the sanctions on January 3, 2025. Integrity Technology Group has been involved in numerous cyber threats against key industries in the US starting in 2021. According to the FBI, the botnet created by Integrity Tech consisted of more than 100,000 devices in the US alone. Attackers spread malware through household devices such as routers, webcams, and DVRs.
The FBI notes that Flax Typhoon hacked the servers of an unnamed California company in 2023. The group used VPNs and remote desktop protocols to access victims’ networks. The group paid special attention to facilities in Taiwan and other countries in North America, Europe and Asia. In December of the following year, Chinese hackers breached a third-party cybersecurity vendor and gained access to 100 laptops belonging to US Treasury employees.
Microsoft’s report indicated that hackers were actively using publicly known vulnerabilities to infiltrate networks. The attacks were aimed at stealing information and creating a threat to US national security. Sanctions against Integrity Tech are another step in this direction. Additional details about the incident will be released at a congressional hearing on January 10, 2025.