05/68 Monday, January 6, 2025
The US Department of the Treasury has imposed sanctions on Integrity Tech, a Beijing-based cybersecurity company, after identifying its involvement in cyberattacks linked to the hacker group Flax Typhoon, which is allegedly backed by the Chinese government. The Office of Foreign Assets Control (OFAC) stated that Integrity Tech was used as part of the infrastructure for network attacks that have targeted Europe and the US since 2022, with most of the targets being critical infrastructure organizations.
Flax Typhoon, also known as Ethereal Panda and RedJuliett, has been active since 2021, focusing on critical infrastructure attacks worldwide. The group exploits VPN networks and Remote Desktop Protocol (RDP) systems to maintain persistent access. According to OFAC reports, between 2022 and 2023, the group infiltrated systems in both the US and Europe, including the servers of an organization in California. Additionally, a large botnet named Raptor Train was discovered, capable of controlling Internet of Things (IoT) devices and Small Office/Home Office (SOHO) devices. Raptor Train has been in operation since 2020 and has infected over 200,000 devices, such as SOHO routers, NAS servers, and IP cameras. In 2023 alone, more than 60,000 devices were added to the botnet, making it one of the largest IoT botnets linked to China. In September 2024, US authorities successfully disrupted the botnet.
The US Treasury’s sanctions include freezing all assets of Integrity Tech and its affiliates, as well as prohibiting US individuals from conducting any transactions involving the company. Violations of these measures may lead to legal penalties. OFAC emphasized that these sanctions are not solely punitive but are also intended to encourage behavioral change in companies and organizations involved in cyber activities that threaten global security. This action underscores the US commitment to safeguarding critical infrastructure and strengthening cybersecurity against global cyber threats.