Chinese cyber firm linked to botnet attack sanctioned in US
The federal government hit Chinese cyber group Integrity Technology Group with new sanctions on Friday, citing alleged computer intrusion incidents against those in the U.S.
At the direction of the China, hackers associated with the Integrity Technology Group allegedly targeted multiple U.S. and foreign corporations, universities, telecommunication firms, government and media organizations, State Department spokesperson Matthew Miller said in a statement Friday.
The Beijing-based cybersecurity company is a major government contractor with ties to China's Ministry of State Security, government officials said.
The operation, dubbed "Flax Typhoon," is one of multiple alleged hacking efforts by Chinese-affiliated cyber actors to infiltrate U.S. data and infrastructure in recent months.
The Justice Department in September announced a court-authorized operation to disrupt the botnet, which was controlled and managed by Integrity Technology since 2021 to conceal the identities and activities of Flax Typhoon hackers.
The botnet was made up of more than 260,000 consumer devices in North America, South America, Europe, Southeast Asia, Africa and Australia, the FBI, Cyber National Mission Force and National Security Agency said in its initial joint advisory in September.
"The Treasury Department will not hesitate to hold malicious cyber actors and their enablers accountable for their actions,” said Bradley T. Smith, acting undersecretary of the Treasury's Office of Terrorism and Financial Intelligence.
“The United States will use all available tools to disrupt these threats as we continue working collaboratively to harden public and private sector cyber defenses.”
Under the new sanctions, all property and interests of Integrity Tech are blocked in the United States and must be reported to the Treasury Department's Office of Foreign Assets Control.
The announcement comes just days after the Treasury Department confirmed Chinese state-sponsored actors hacked into the government agency and accessed unclassified documents from its workstations.
"Chinese malicious cyber actors continue to be one of the most active and most persistent threats to U.S. national security," the Treasury Department said Friday.