US Sanctions Chinese Cybersecurity Company Behind State-Sponsored Cyberattacks

The U.S. Treasury Department has announced sanctions against Integrity Technology Group, Inc., a Beijing-based cybersecurity company accused of conducting cyberattacks targeting critical U.S. infrastructure. The sanctions were imposed on Friday, January 3rd, by the Treasury’s Office of Foreign Assets Control (OFAC), which cited Integrity Tech’s involvement in malicious cyber operations under the state-sponsored group known as Flax Typhoon.

Integrity Tech has been linked to multiple cyberattacks dating back to 2021, with a particular focus on critical sectors within the U.S. These operations are attributed to Flax Typhoon, a cyber threat group that was exposed by the FBI in September 2024. The group orchestrated a large-scale botnet operation, infecting over 260,000 devices globally, with more than 100,000 of those located in the United States.

Flax Typhoon employs a range of tactics, including Distributed Denial-of-Service (DDoS) attacks, to disrupt services. Integrity Tech’s botnet malware was typically spread by targeting consumer devices such as webcams and routers, blending its malicious activity with regular internet traffic to avoid detection.

Between the summer of 2022 and the fall of 2023, Flax Typhoon used infrastructure linked to Integrity Tech to routinely exfiltrate and receive sensitive information. The group is known for exploiting publicly disclosed vulnerabilities, which it uses to breach networks worldwide, particularly in Taiwan. Microsoft’s Threat Intelligence profile on Flax Typhoon found that the group frequently targeted government entities, educational institutions, and critical manufacturing sectors in North America, Europe, and Asia.

This sanction follows a high-profile breach in December 2024, in which Chinese hackers compromised computers belonging to U.S. Treasury Department staff, including senior officials, by infiltrating a third-party cybersecurity vendor. The Treasury Department is expected to provide further details at a hearing scheduled for January 10, 2025.

The sanctions imposed by OFAC are part of broader U.S. efforts to disrupt state-sponsored cyberattacks and reinforce defenses against such ongoing threats.