U.S. Hits Chinese Cybersecurity Company With Sanctions After Breach

The Treasury Department sanctioned a Beijing-based cybersecurity company Friday, accusing it of helping Chinese hackers infiltrate U.S. communications systems and conduct surveillance on four continents.

The department said in a statement that Integrity Technology Group supported a state-sponsored Chinese hacking group known as Flax Typhoon in a campaign to hack foreign networks between the summer of 2022 and 2023, saying it discovered that the group “regularly sent and received information by Integrity Tech infrastructure”.

The action was taken after the Ministry of Finance says a letter to legislators This week, China’s spy agency hacked its systems in what appears to be an espionage operation, gaining access to government employees’ workplaces and unclassified documents.

The department spokesman did not clarify whether Flux Typhoon was involved in the attack on Treasury systems or whether the sanctions were simply part of a larger operation to disrupt China’s cyber capabilities.

Sanctions also follow a much more devastating revelation Last year, a group linked to Chinese intelligence agencies known as the “Salt Typhoon” hacked into US telecommunications networks, targeting phone conversations and text messages. a number of leading political figuresincluding President-elect Donald Trump.

Like Salt typhoonFlax Typhoon is among the few groups that Microsoft owns. publicly identified as linked to Chinese intelligence and responsible for a number of state-sponsored cyber attacks. The group has been active since 2021 and appears to be focused on targets in Taiwan and the United States, according to the Congressional Research Service.

“The Treasury Department will not hesitate to hold malicious cybercriminals and their enablers accountable for their actions,” Bradley T. Smith, acting deputy secretary of the Treasury, said in a statement. “The United States will use every tool available to defeat these threats as we continue to work together to strengthen public and private sector cyber defenses.”

In September the F.B.I. said it disabled a network of 200,000 consumer devices in the US and abroad that were infected with malware and weaponized by Flax Typhoon.

The sanctions announced Friday broadly prohibit financial institutions and individuals from dealing with Integrity Technology Group and freeze any of its assets in the United States.

It was not immediately clear what the Treasury hack might have entailed, but the agency poses an attractive target for state-sponsored hackers because of its Office of Foreign Assets Control, which is responsible for imposing sanctions and determining which individuals pose a threat. national security.