The United States imposed sanctions on Beijing-based Integrity Technology Group on Friday, accusing the cybersecurity company of orchestrating widespread hacking campaigns under the state-sponsored group known as "Flax Typhoon." The decision, announced by the Treasury Department and the State Department, marks a significant escalation in Washington's efforts to counter Chinese cyberespionage targeting critical infrastructure and sensitive sectors worldwide.
Integrity Tech, described as a major contractor for China's Ministry of State Security, allegedly facilitated Flax Typhoon's operations to infiltrate networks across the U.S., Europe, and Taiwan. Over the past year, the hacking group reportedly compromised multiple systems, including servers and workstations at a California-based organization in 2023. U.S. officials assert that Integrity Tech provided the infrastructure for these cyber activities, enabling Flax Typhoon to execute its operations undetected for years.
In a joint statement, the U.S. government outlined Integrity Tech's role in supporting a botnet called "Raptor Train," which infected over 260,000 devices globally, including routers, modems, and network-attached storage servers. The botnet, dismantled in a September 2024 court-authorized operation, was allegedly used to launch distributed denial-of-service (DDoS) attacks and conduct reconnaissance missions targeting military, telecommunications, and government entities. The FBI, in coordination with the Cyber National Mission Force and allied agencies, described Raptor Train as a sophisticated, multi-tiered system capable of launching stealthy cyber intrusions.
The sanctions bar U.S. entities and citizens from conducting transactions with Integrity Tech, freeze its U.S.-based assets, and extend potential penalties to foreign entities engaging with the company. "Today's action underscores our commitment to holding state-sponsored cyber actors accountable," a Treasury Department spokesperson stated. U.S. officials emphasized the necessity of such measures to safeguard critical infrastructure and sensitive data.
Chinese officials dismissed the allegations as baseless, accusing the U.S. of making politically motivated claims. The United States and its allies "jumped to an unwarranted conclusion and made groundless accusations against China," a Chinese government spokesperson said. Beijing has consistently denied involvement in state-sponsored cyber activities, framing international scrutiny as part of a broader geopolitical strategy against China.
Flax Typhoon is among several Chinese hacking groups under U.S. investigation for cyberespionage. The group is linked to numerous attacks targeting critical infrastructure, including telecommunications, defense, and government networks. Earlier this month, the Treasury Department disclosed that Chinese hackers had breached its systems, specifically targeting the department's sanctions office. In addition to Flax Typhoon, other state-sponsored groups such as "Volt Typhoon" and "Salt Typhoon" have come under scrutiny for targeting U.S. telecom firms and other strategic industries.
The sanctions against Integrity Tech reflect growing concerns about China's cyber capabilities and their implications for global security. FBI Director Christopher Wray, in remarks last September, accused the company of providing reconnaissance and intelligence services to Chinese government agencies. The "Five Eyes" alliance, comprising the U.S., UK, Canada, Australia, and New Zealand, also attributed the compromise of over 250,000 global devices to Integrity Tech's activities.
