US sanctions Chinese cyber firm linked to Flax Typhoon hacks

The U.S. government has sanctioned a Beijing-based cybersecurity firm over its alleged links to a China government-backed hacking group, tracked as Flax Typhoon.

The Treasury Department’s Office of Foreign Assets Control (OFAC) on Friday announced the sanctions against the Integrity Technology Group for its role in “multiple computer intrusion incidents against U.S. victims,” including U.S. critical infrastructure.

The sanctions land months after the U.S. government accused Integrity Technology, also known as Yongxin Zhicheng, of operating a botnet linked to the Flax Typhoon hacking group.

The botnet, which was dismantled by the FBI in a court-authorized operation in September, was made up of more than 260,000 internet-connected devices, including cameras, storage devices, and routers, according to a joint advisory published by the FBI and the National Security Agency at the time. The agencies said the botnet had been operated and managed by the Integrity Technology Group since 2021 to conceal the activities of the Flax Typhoon hackers.

The Treasury said in its statement that Flax Typhoon used infrastructure linked to Integrity Tech to compromise multiple U.S. and European organizations between mid-2022 and late-2023. The hacking victims weren’t named, but the Treasury added that the China-backed hacking group compromised “multiple servers and workstations at a California-based entity.”

According to a separate press release published by the U.S. Department of State on Friday, Flax Typhoon successfully targeted multiple U.S. universities, government agencies, telecommunications providers, and media organizations.

The new sanctions, which designate Integrity Tech as a company involved in “malicious cyber-enabled activities,” come just days after the Treasury confirmed it was subject to a cyberattack in December that it attributed to China government-backed hackers. The hackers reportedly targeted the Treasury’s sanctions office, OFAC, during the intrusion, which gave the hackers remote access to Treasury workers and access to unclassified documents.

U.S. officials told The Washington Post that the intrusion may have given the hackers access to information about Chinese organizations that the U.S. government may be considering designating for financial sanctions.

A spokesperson for the Treasury didn’t return TechCrunch’s request for comment. In its statement Friday, the Treasury called Chinese malicious actors “one of the most active and most persistent threats” facing U.S. national security, referencing the targeting of the Treasury’s own IT infrastructure.

Integrity Tech, which is traded on the Shanghai Stock Exchange, didn’t respond to TechCrunch’s questions.
