The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has imposed sanctions on Integrity Technology Group, Incorporated, a Beijing-based cybersecurity firm, for its alleged role in state-sponsored cyber attacks targeting U.S. entities.
Chinese State-Sponsored Hacking Group Exposed
The cyber attack campaigns have been linked to Flax Typhoon—also known as Ethereal Panda or RedJuliett—a Chinese nation-state threat actor previously identified for operating the Raptor Train IoT botnet.
According to cybersecurity researchers, Flax Typhoon has been active since mid-2021, targeting government agencies, businesses, and institutions across North America, Europe, Africa, and Asia. Their tactics involve exploiting known vulnerabilities to gain initial access and using legitimate remote access tools to maintain persistent control over compromised systems.
U.S. Treasury Warns of Persistent Chinese Cyber Threats
The Treasury Department described Chinese-backed cyber activities as some of the “most active and persistent threats” to U.S. national security, frequently targeting federal systems and critical infrastructure.
“The Treasury Department will not hesitate to hold malicious cyber actors and their enablers accountable,” said Bradley T. Smith, Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence. “The United States will use all available tools to disrupt these threats and strengthen public and private sector cyber defenses.”
Integrity Technology Group: A Front for China’s Cyber Espionage?
Also known as Yongxin Zhicheng, Integrity Technology Group has been accused of providing infrastructure support for Flax Typhoon’s cyber campaigns from mid-2022 to late-2023. The U.S. Department of State has classified it as a government contractor with ties to the People’s Republic of China (PRC) Ministry of State Security.
Founded in September 2010, the company reportedly provides cybersecurity services to China’s state security and public security bureaus, as well as other PRC-affiliated cyber contractors.
“Flax Typhoon hackers have successfully targeted multiple U.S. and foreign corporations, universities, government agencies, telecommunications firms, and media organizations,” the State Department revealed.
A Growing Cybersecurity Threat
With the U.S. ramping up cybersecurity efforts against state-sponsored cyber threats, this latest sanction highlights the increasing risks posed by nation-state-backed hackers leveraging IoT botnets and exploiting vulnerabilities for long-term espionage.
Cybersecurity experts urge organizations worldwide to harden their defenses, patch known vulnerabilities, and deploy threat intelligence solutions to detect nation-state cyber threats before they escalate.