The Biden administration on Friday sanctioned Beijing-based Integrity Technology Group, aiming to strike a blow against China’s “Typhoon” hacking groups ripping through American infrastructure.
U.S. officials have accused the government-linked Typhoon hackers of breaching American networks for espionage and pre-positioning for future sabotage operations. The Biden administration said Friday that it linked Integrity Technology Group to Flax Typhoon hackers who have been operating with connections to the Communist regime’s Ministry of State Security.
“PRC-based hackers working for Integrity Tech, known to the private sector as ‘Flax Typhoon,’ were working at the direction of the PRC government, targeting critical infrastructure in the United States and overseas,” said State Department spokesman Matthew Miller in a statement. “Flax Typhoon hackers have successfully targeted multiple U.S. and foreign corporations, universities, government agencies, telecommunications providers and media organizations.”
The U.S. Treasury Department said it identified Flax Typhoon hackers using infrastructure linked to Integrity Tech for cyberattacks between the summer of 2022 and the fall of 2023.
Flax Typhoon has operated since at least 2021, according to the Treasury Department, using virtual private network software and remote desktop protocols to get access inside victims’ networks.
The Justice Department took action in September 2024 to disrupt a botnet controlled and managed by Integrity Tech since mid-2021, which the Justice Department estimated affected more than 200,000 consumer devices in the U.S. and around the world.
The sprawling botnet used malware “designed to hijack [Internet of Things] devices such as webcams, DVRs, IP cameras and routers,” according to a cybersecurity advisory published in September by U.S. agencies and their partners in Australia, Canada, New Zealand and the U.K.
The Treasury Department’s sanctions announced on Friday are the latest effort by the Biden administration to push back against China’s hackers that U.S. officials say have burrowed into the country’s infrastructure systems.
“The Treasury Department will not hesitate to hold malicious cyber actors and their enablers accountable for their actions,” said Bradley T. Smith, acting Undersecretary of the Treasury for Terrorism and Financial Intelligence, in a statement.
The Treasury Department is also still working to overcome a recent brush with China’s hackers. Earlier this week, officials revealed that Chinese hackers accessed Treasury Department workstations and unclassified documents after compromising a third-party software provider.
The department said Friday that China’s cyberattackers remain “one of the most active and most persistent threats to U.S. national security.”
“These actors continue to target U.S. government systems as part of their efforts, including the recent targeting of Treasury’s own IT infrastructure,” the department said in a statement.
• This article is based in part on wire service reports.