China has sharply criticized the United States for imposing sanctions on Beijing-based Integrity Technology Group, a cybersecurity company accused of aiding state-sponsored hacking campaigns targeting U.S. infrastructure. The sanctions, announced by the U.S. Treasury Department's Office of Foreign Assets Control (OFAC), have reignited tensions between the two nations over cybersecurity and espionage claims.
The U.S. accused Integrity Technology Group of supporting Flax Typhoon, a Chinese state-backed hacking group allegedly responsible for multiple cyber intrusions targeting critical infrastructure in the U.S. and other nations. Acting Undersecretary for Terrorism and Financial Intelligence Bradley Smith stated, "The Treasury Department will not hesitate to hold malicious cyber actors and their enablers accountable for their actions."
Flax Typhoon, active since at least 2021, has reportedly exploited known vulnerabilities to infiltrate networks and maintain persistent access through legitimate remote access software. The group's activities have spanned North America, Europe, Africa, and Asia, with Taiwan being a particular focus, according to U.S. officials.
China's Foreign Ministry vehemently rejected the accusations. Spokesperson Guo Jiakun accused the U.S. of using cybersecurity concerns to "defame and smear China" and vowed that Beijing would take "necessary measures to safeguard its legitimate rights and interests."
Integrity Technology Group, also known as Yongxin Zhicheng Technology Group, denied the allegations, calling them "groundless" and asserting that the company complies with all applicable laws and regulations. In a statement to the Shanghai Stock Exchange, the company maintained that the sanctions would not affect its operations, as it has no assets or business in the United States.
Chinese state media and officials have framed the U.S. accusations as politically motivated. The China Daily editorialized that Washington was fabricating evidence to implicate China in cyberattacks, while a columnist for a Fujian-based outlet alleged that the U.S. had inserted Chinese language markers into malware to mislead the public.
The China National Cyber Security Information Center also reported an increase in cyberattacks originating from foreign IP addresses, including from the U.S., the Netherlands, Singapore, and other countries. The attacks allegedly employed tactics such as phishing, botnets, and intellectual property theft, according to the center's WeChat post.
Meanwhile, U.S. officials have underscored the threat posed by state-sponsored Chinese hacking campaigns. The Department of Defense's annual report to Congress noted that groups like Volt Typhoon have been compromising U.S. critical infrastructure since at least 2019. The report highlighted concerns that such activities could disrupt essential services during geopolitical tensions or military conflicts.
Chinese officials have countered by accusing the U.S. of hypocrisy, pointing to historical incidents like the 2007 Stuxnet attack on Iran's nuclear facilities, which the U.S. and Israel are widely believed to have conducted. They argue that collaboration, rather than confrontation, is the key to addressing global cybersecurity challenges.
