U.S. Treasury Sanctions Beijing Cybersecurity Firm for State-Backed Hacking Campaigns


Jan 04, 2025 | Ravie Lakshmanan | Cyber Espionage / IoT Botnet

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) on Friday issued sanctions against a Beijing-based cybersecurity company known as Integrity Technology Group, Incorporated for orchestrating several cyber attacks against U.S. victims.

These attacks have been publicly attributed to a Chinese state-sponsored threat actor tracked as Flax Typhoon (aka Ethereal Panda or RedJuliett), which was outed last year as operating an Internet of Things (IoT) botnet called Raptor Train.

The hacking crew has been active since at least mid-2021, targeting various entities across North America, Europe, Africa, and Asia. Attacks mounted by Flax Typhoon have typically leveraged known vulnerabilities to gain initial access to victims’ computers and then used legitimate remote access software to maintain persistent access.

The Treasury Department described Chinese malicious cyber actors as one of the “most active and most persistent threats to U.S. national security,” repeatedly targeting U.S. government systems, including those associated with the federal agency.

“The Treasury Department will not hesitate to hold malicious cyber actors and their enablers accountable for their actions,” said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith. “The United States will use all available tools to disrupt these threats as we continue working collaboratively to harden public and private sector cyber defenses.”

Integrity Group, also known as Yongxin Zhicheng, has been accused of providing infrastructure support to Flax Typhoon cyber campaigns between mid-2022 and late 2023, with the U.S. Department of State classifying it as a government contractor with ties to the People’s Republic of China (PRC) Ministry of State Security. It was established in September 2010.

“It provides services to country and municipal State Security and Public Security Bureaus, as well as other PRC cybersecurity government contractors,” the State Department noted.

“‘Flax Typhoon’ hackers have successfully targeted multiple U.S. and foreign corporations, universities, government agencies, telecommunications providers, and media organizations.”
