U.S. Imposes Sanctions on Chinese Company With Flax Typhoon Links
The U.S. Treasury Department on Friday announced sanctions against a Beijing-based cybersecurity company with links to state-sponsored threat group Flax Typhoon.
The U.S. Treasury Department on Friday announced it is hitting a Beijing-based cybersecurity company with sanctions due to its role in multiple security intrusions against U.S. organizations. The company has been publicly attributed to Chinese state-sponsored group Flax Typhoon, according to the Treasury Department.
Key Details:
- The cybersecurity company is called Integrity Technology Group, Incorporated (Integrity Tech) and was previously linked to Flax Typhoon by the FBI in September.
- Flax Typhoon has been active since at least 2021, and has targeted U.S. critical infrastructure organizations, as well as entities across Europe, Africa and Asia (particularly Taiwan).
- The Treasury Department said that between summer 2022 and fall 2023, Flax Typhoon actors utilized infrastructure that was tied to Integrity Tech during their attacks, and Flax Typhoon also sent and received information from Integrity Tech infrastructure.
The Background: Flax Typhoon poses a major espionage threat and is known for attacks against targets both in the U.S. and worldwide. The group is also known for its tendency to maintain difficult-to-detect access to organizations for as long as possible.
These sanctions are only the latest step by the U.S. government to crack down on the threat group. In September, the FBI said that it had conducted a joint operation to take down a botnet backed by Flax Typhoon, which had aimed to target U.S. critical infrastructure and steal information.
Why It Matters: The sanctions come at an interesting time. Just this week, the Treasury Department disclosed that it had been targeted earlier in December by a Chinese APT group in a cyberattack that enabled the attackers to access certain user workstations and unclassified documents.
According to a report by the Washington Post, the incident involved the Office of Foreign Assets Control (OFAC), the financial intelligence agency within the Treasury Department responsible for enforcing economic and trade sanctions. This office could be of particular interest for Chinese espionage actors looking for information about the companies or entities the U.S. is identifying for potential sanctions.
Moving Forward: Under the new sanctions, all transactions between U.S. individuals and Integrity Tech will be blocked, and all property of the company that is in the U.S. or in control of U.S. individuals is blocked and must be reported.
“The Treasury Department will not hesitate to hold malicious cyber actors and their enablers accountable for their actions,” said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith in a statement. “The United States will use all available tools to disrupt these threats as we continue working collaboratively to harden public and private sector cyber defenses.”