The US has imposed sanctions on Integrity Technology Group (Integrity Tech), a Beijing-based cybersecurity company accused of facilitating state-sponsored cyber intrusions targeting American entities and critical infrastructure. The sanctions were announced by the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) as part of a broader effort to combat cyber threats linked to China.

Integrity Tech has been identified as a key player in supporting Flax Typhoon, a Chinese state-sponsored cyber group that has been active since at least 2021. According to US officials, Flax Typhoon has exploited known software vulnerabilities to infiltrate networks and used legitimate remote access tools to maintain control over compromised systems. The group has targeted organisations across North America, Europe, Asia, and Africa, with a particular focus on Taiwan. Its victims reportedly span industries such as telecommunications, government, media, and education. Because the group gains access through publicly known vulnerabilities and maintains persistence with legitimate tools, its activity is harder to detect and respond to.

Investigations revealed that between mid-2022 and late 2023, Flax Typhoon used infrastructure associated with Integrity Tech to conduct network exploitation activities. The group accessed servers and workstations belonging to various US and European organisations, including a California-based entity, using virtual private network software and remote desktop protocols.

Under Executive Order 13694, as amended by Executive Order 13757, OFAC designated Integrity Tech for its role in cyber-enabled activities that threaten US national security, foreign policy, and economic stability. The sanctions freeze all property and interests of the company within the US and prohibit US persons or entities from conducting transactions involving the firm without specific authorisation.

The designation also extends to entities owned 50% or more by Integrity Tech, effectively blocking them from accessing US financial systems. These measures are part of the government’s effort to hold accountable those involved in malicious cyber activities targeting critical infrastructure.

In September 2024, the Federal Bureau of Investigation (FBI), along with the National Security Agency (NSA), Cyber National Mission Force, and Five Eyes intelligence partners, issued a joint advisory. The advisory detailed the tactics, techniques, and procedures used by Flax Typhoon and highlighted Integrity Tech’s role in facilitating its operations. The Department of Justice also announced a court-authorised operation to dismantle a botnet linked to Integrity Tech. The botnet, comprising over 200,000 consumer devices worldwide, had been used in malicious cyber activities.

Broader implications for US telecommunications

The sanctions come amid growing concerns about the extent of Chinese cyber activities targeting US telecommunications networks. A recent report by the Wall Street Journal revealed that Chinese hackers breached additional telecom companies, including Charter Communications, Consolidated Communications, and Windstream. These intrusions are in addition to previously reported breaches involving major providers like AT&T, Verizon, Lumen Technologies, and T-Mobile. The hackers exploited vulnerabilities in network devices from vendors such as Fortinet and Cisco Systems, highlighting critical gaps in cybersecurity across the sector.
