Headline: U.S. Imposes Sanctions on Chinese Cybersecurity Firm Tied to Beijing
Article:
The U.S. government has announced a series of sanctions against the Chinese cybersecurity firm Integrity Tech Group (ITG), accusing it of multiple cyberattacks against the United States and other countries. The U.S. Treasury Department has linked ITG to the Chinese government and holds it responsible for numerous incursions, including the recent attack on the U.S. Treasury’s systems.
The Treasury Department specifically accuses ITG of supporting the state-sponsored hacker group Flax Typhoon, which has targeted networks in North America, Europe, Africa, and Asia, with a particular focus on Taiwan since 2021. Between summer 2022 and fall 2023, Flax Typhoon routinely sent and received information through ITG’s infrastructure while exploiting multiple victims’ networks.
The sanctions will freeze any assets ITG has in the U.S. and threaten international companies with penalties if they maintain economic ties with the firm. This move comes after the U.S. Treasury revealed that it had suffered a significant cybersecurity incident on December 8, which it attributed to hackers allegedly linked to the Chinese government. China has since denied these allegations.
The Treasury Department reported the incident in a letter to Congress, explaining that it learned of the breach when an external software service provider, BeyondTrust, alerted them to a third party gaining unauthorized access to certain information. "Flax Typhoon has successfully attacked multiple companies in the U.S. and abroad, universities, government agencies, telecommunications providers, and media outlets," said Treasury spokesperson Matthew Miller.
In September, the U.S. Department of Justice announced an operation against a network of over 200,000 infected electronic devices (ranging from routers to internet-connected cameras) controlled by ITG’s malicious software. ITG even developed an online application, KRLab, allowing clients to control their victims’ devices.
To dismantle ITG’s botnet, U.S. authorities infected the network and sent commands to disable the malicious software without affecting the legitimate functions or data of the infected devices. The sanctions against ITG will block its properties and assets in the U.S. and prohibit American entities or individuals from conducting transactions with the company.
(With information from EFE and EP)
