The U.S. government has sanctioned the Beijing-based Integrity Technology Group, accusing the company of enabling cyber activities linked to the China-backed hacking group Flax Typhoon. The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced the sanctions on January 3, 2025, citing the company’s involvement in multiple cyberattacks targeting U.S. organizations, including critical infrastructure. Integrity Technology, also known as Yongxin Zhicheng, allegedly operated a large botnet, which was utilized by Flax Typhoon to conduct cyber espionage and other malicious activities against various entities.
The botnet, which was dismantled by the FBI in September 2024, consisted of more than 260,000 internet-connected devices such as cameras, routers, and storage devices. These devices were compromised and used to disguise the actions of Flax Typhoon hackers, enabling them to infiltrate networks and exfiltrate sensitive information from U.S. and European organizations. According to joint advisories from the FBI and the National Security Agency (NSA), the botnet had been under the control of Integrity Technology since 2021.
Flax Typhoon has been linked to a series of cyberattacks between mid-2022 and late-2023, targeting U.S. universities, government agencies, telecommunications providers, and media organizations. While the specific victims were not named, reports indicate that one of the compromised entities was a California-based organization, where hackers accessed multiple servers and workstations. These cyber intrusions are part of an ongoing pattern of activity attributed to Chinese government-backed groups, which continue to pose significant threats to U.S. cybersecurity.
The sanctions on Integrity Technology come just days after the Treasury confirmed it was the victim of a cyberattack in December 2024, attributed to Chinese state-sponsored hackers. This breach reportedly targeted the Treasury’s sanctions office and allowed attackers to gain remote access to Treasury employees’ systems, including unclassified documents. With these new sanctions, the U.S. government has reiterated its stance on Chinese cyber threats, emphasizing their persistent and harmful impact on national security.
