US sanctions Chinese service provider for supporting threat group

The U.S. government sanctioned a Chinese service provider it said provided its services to threat actors.

According to the Treasury Department, Beijing-based Integrity Technology Group essentially offered its service as a sort of tech backbone for a prominent Chinese advanced persistent threat (APT) operation.

The sanctions would effectively freeze the ability of Integrity and any of its associated companies or subsidiaries to operate within the U.S. Additionally, they forbid any U.S.-based organizations from purchasing any Integrity Tech services or otherwise aiding the company.

“The Treasury Department will not hesitate to hold malicious cyber actors and their enablers accountable for their actions,” said Bradley Smith, the acting Under Secretary of the Treasury for Terrorism and Financial Intelligence.

“The United States will use all available tools to disrupt these threats as we continue working collaboratively to harden public and private sector cyber defenses.”

The sanctions stem from what investigators believe to be close ties between Integrity Tech and one of the most notorious Chinese threat actors: Flax Typhoon.

The state-backed hacking crew waged a years-long campaign of network intrusion and malware attacks against targets around the world. Flax Typhoon was said to be behind dozens of attacks, most notably targeted campaigns against commercial and government organizations in Taiwan.

Throughout that time, it is believed that Integrity Tech was supplying the services that the Flax Typhoon team was using to wage its attacks, such as hosting its server instances and providing network services that could be used to conceal or redirect traffic from detection by security systems.

In addition to Taiwan and the U.S., it is believed that Flax Typhoon hackers were behind a series of attacks that targeted government organizations across several African nations.

The group’s reign of terror would eventually come to an end in September 2024 when a team of law enforcement groups, led by the FBI, seized and dismantled the Flax Typhoon botnet, essentially crippling the operation’s ability to effectively carry out large-scale attacks.

The sanctions will probably not come as much of a surprise to Integrity Tech. In the process of dismantling the botnet, investigators would have gathered information on the back-end structure of the group and its service providers.

It is unclear what, if any, business Integrity Tech has within the U.S. With political tensions between the U.S. and China showing no signs of letting up anytime soon, authorities are also highly unlikely to get any help from Beijing on the matter, particularly as Flax Typhoon has been widely acknowledged as a state-sponsored operation.

Shaun Nichols

A career IT news journalist, Shaun has spent 17 years covering the industry with a specialty in the cybersecurity field.
