The U.S. government has imposed sanctions on a China-based cybersecurity company for its involvement in a large-scale botnet targeting U.S. organizations, including critical infrastructure.
Beijing-based Integrity Technology Group has been accused of involvement in multiple computer intrusions attributed to Flax Typhoon, a malicious Chinese state-sponsored cyber group that has been active since at least 2021. There is.
Flax Typhoon compromised computer networks across North America, Europe, Africa, and Asia, especially Taiwan. It exploits publicly known vulnerabilities to gain initial access to a victim’s computer and leverages legitimate remote access software to maintain permanent control over the network.
In September 2024, a joint cybersecurity advisory issued by the National Security Agency (NSA), FBI, and Cyber National Task Force detailed how the botnet operates. The botnet consists of 260,000 devices and is believed to be running Mirai malware.
Devices include IoT devices such as firewalls, network attached storage, SoHo routers, and web cameras. This botnet can be used to perform distributed denial of service attacks (DDoS), compromise networks, or deliver malware.
The Treasury Department’s Office of Foreign Assets Control (OFAC) announced that from summer 2022 to fall 2023, Flax Typhoon attackers used infrastructure associated with Integrity Technology during computer network abuse operations against multiple victims. During that time, Flax Typhoon was regularly sending and receiving information from the Integrity Technology infrastructure.
As a result, Integrity Technology will be blocked from all U.S.-based property and interests, and financial institutions will be prohibited from engaging in any transactions or activities with the company.
Chinese hackers pose a persistent threat to the US
OFAC emphasizes that Chinese state-linked actors pose “one of the most active and persistent threats to U.S. national security” and regularly target U.S. government systems as part of its efforts.
Bradley T. Smith, Acting Assistant Secretary of the Treasury for Terrorism and Financial Intelligence, commented: “The United States will continue to work together to strengthen public and private sector cyber defenses and use all available tools to thwart these threats.”
The announcement comes a day after the Treasury Department revealed that Chinese state-sponsored hackers targeted BeyondTrust, a third-party cybersecurity vendor, to configure some of the Treasury Department’s computers and access sensitive information.
Last year, the United States warned that a group called Volt Typhoon was actively infiltrating the networks of U.S. critical infrastructure organizations. The intrusion is seen as a strategic move to potentially disrupt or destroy critical services in the event of an escalation of geopolitical tensions or military conflicts involving the United States and its allies.