The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned Beijing-based Integrity Technology Group (Integrity Tech) for its involvement in cyber intrusion campaigns targeting US entities.
Integrity Tech has been linked to Flax Typhoon, a Chinese state-sponsored cyber group known for targeting critical infrastructure sectors across the US and beyond.
The decision highlights the persistent threat posed by Chinese threat actors, which were named as a significant risk to US national security in the latest Office of the Director of National Intelligence (ODNI) Annual Threat Assessment. In fact, recent attacks even extended to the Treasury’s own IT infrastructure.
“The Treasury Department will not hesitate to hold malicious cyber actors and their enablers accountable,” said Bradley Smith, Acting Under Secretary for Terrorism and Financial Intelligence. “We will use every tool available to disrupt these threats while continuing to strengthen cyber defenses in the public and private sectors.”
Flax Typhoon: A Persistent Threat
Active since 2021, Flax Typhoon has conducted cyber campaigns targeting entities in critical infrastructure sectors within North America, Europe, Asia, and Africa, with a particular focus on Taiwan.
The group exploits known vulnerabilities to gain access to computer networks and uses legitimate remote access tools to maintain a foothold in victims’ systems.
Between 2022 and 2023, Flax Typhoon infiltrated networks tied to US and European entities. Notably, during the summer of 2023, the group compromised servers and workstations at a California-based business, using virtual private networks and remote desktop protocols to gain access.
Integrity Tech’s Role in Cyber Exploitation
OFAC revealed that Integrity Tech’s infrastructure was instrumental in supporting Flax Typhoon’s activities. Between the summer of 2022 and autumn of 2023, the company’s resources facilitated the group’s cyber operations, including the exchange of sensitive information.
The sanctions were issued under Executive Order (EO) 13694, as amended by EO 13757, which targets individuals and entities responsible for cyber-enabled activities threatening U.S. national security, foreign policy, or economic stability.
Sanctions and Their Implications
The sanctions against Integrity Tech impose severe restrictions:
- All property and interests belonging to Integrity Tech within the US or controlled by US persons are blocked and must be reported to OFAC.
- American individuals and entities are prohibited from engaging in transactions involving the company.
Entities owned 50% or more by designated persons are also blocked. Financial institutions and other firms that facilitate transactions with sanctioned entities risk enforcement actions and sanctions, too.
A Path to Compliance
While sanctions serve as a deterrent, OFAC stressed its ultimate goal of promoting behavioral change. The agency encourages designated individuals and entities to seek removal from the sanctions list by demonstrating compliance with US law.
This action highlights the US government’s commitment to countering cyber threats and holding accountable those who enable malicious activities.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.