​The U.S. Treasury Department has sanctioned Beijing-based cybersecurity company Integrity Tech for its involvement in cyberattacks attributed to the Chinese state-sponsored Flax Typhoon hacking group.

As the Treasury’s Office of Foreign Assets Control (OFAC) said on Friday, the Chinese state-sponsored hackers used the company’s infrastructure to launch attacks targeting networks of victims in Europe and the United States for over a year, starting in the summer of 2022.

“Between summer 2022 and fall 2023, Flax Typhoon actors used infrastructure tied to Integrity Tech during their computer network exploitation activities against multiple victims. During that time, Flax Typhoon routinely sent and received information from Integrity Tech infrastructure,” OFAC said.

“The actors maliciously used virtual private network software and remote desktop protocols to facilitate this access. In summer 2023, Flax Typhoon compromised multiple servers and workstations at a California-based entity.”

These sanctions follow a September 2024 court-authorized operation to disrupt a botnet of hundreds of thousands of consumer and small business devices in the U.S. and worldwide controlled by the Chinese threat group and tracked as “Raptor Train.”

As the FBI revealed at the time, in coordination with the Cyber National Mission Force, NSA, and Five Eye partners, Flax Typhoon used this botnet for DDoS attacks and as a proxy to launch stealthy attacks against entities in the military, government, higher education, telecommunications, defense industrial base (DIB), and IT sectors, mainly in the U.S. and Taiwan.

Within four years of activity, since May 2020, Raptor Train grew into a massive, multi-tiered network with an enterprise-grade control system and infected over 260,000 networking devices, including routers and modems, NVRs and DVRs, IP cameras, and network-attached storage (NAS) servers.

FBI Director Christopher Wray said at the Aspen Cyber Summit in September that Flax Typhoon worked under the direction of the Chinese government.

“Flax Typhoon has compromised computer networks in North America, Europe, Africa, and across Asia, with a particular focus on Taiwan,” OFAC added today. “Flax Typhoon exploits publicly known vulnerabilities to gain initial access to victims’ computers and then leverages legitimate remote access software to maintain persistent control over their network. Flax Typhoon has targeted victims within a wide range of industries.”

Following today’s sanctions, U.S. organizations and citizens are prohibited from conducting transactions with Integrity Tech (short for Integrity Technology Group, Incorporated). Additionally, any assets in the U.S. associated with them will be frozen. U.S. financial institutions and foreign entities that engage in transactions with them may also face penalties.

On Monday, the Treasury Department disclosed that unknown Chinese government threat actors had hacked its network. Since then, U.S. officials have stated that the attackers specifically targeted the agency’s OFAC department, likely to collect intelligence on future sanctions targeting Chinese individuals and organizations.

Another Chinese state-backed hacking group tracked as “Salt Typhoon” has also been linked to a wave of breaches impacting nine U.S. telecom firms, including Verizon, AT&T, and Lumen.