The cybersecurity company was linked to the Flax Typhoon attacks that infiltrated around 260,000 internet-connected devices, which the FBI said underscores a growing threat from Chinese state actors.
The Treasury Department announced sanctions Friday against a prominent Shanghai-listed Chinese network security company for its role in a global attack affecting at least 260,000 internet-connected devices, roughly half of which were located in the United States.
The sanctions target Beijing Integrity Technology Group, which U.S. officials say employed workers responsible for the Flax Typhoon attacks, which compromised devices including routers and internet-enabled cameras to infiltrate government and industrial targets in the United States, Taiwan, Europe and elsewhere.
The group behind the attacks was active since at least 2021, but U.S. authorities only managed to wrest control of the devices from the hackers in September, after the FBI won a court order that allowed the agency to send commands to the infected devices.
The Flax Typhoon attack is among the Chinese state-sponsored hacks that have heightened concerns over China’s access to U.S. critical infrastructure. In the past year, authorities have traced major incursions linked to Beijing, from the covert infiltration of critical infrastructure in Guam to the illegal collection of call data from key political figures and their staff during the U.S. presidential campaign.
The announcement comes just days after the Treasury Department revealed it had been targeted by Chinese state-backed hackers who managed to breach a highly sensitive office responsible for administering sanctions on foreign governments and individuals.
“The United States will use all available tools to disrupt these threats as we continue working collaboratively to harden public and private sector cyber defenses,” said Treasury acting undersecretary for terrorism and financial intelligence, Bradley T. Smith, in a statement Friday.
Treasury’s designation follows sanctions announced last month on Sichuan Silence Information Technology Company, in which U.S. officials accused the company of exploiting technology flaws to install malware in more than 80,000 firewalls, including those protecting U.S. critical infrastructure.
The new sanctions on Beijing Integrity Technology are notable due to the company’s public profile and outsize role in servicing China’s police and intelligence services via state-run hacking competitions. The company, which is listed in Shanghai and has a market capitalization of more than $327 million, plays a central role in providing state agencies “cyber ranges” — technology that allows them to simulate cyberattacks and defenses.
Analysts say the company facilitated the attacks in the United States and elsewhere by infiltrating hundreds of thousands of devices, which in turn obscured the identity of the original hackers.
“Beijing Integrity Tech maintains a network of compromised devices that allow an attacker to move between these devices and hide where they’re actually working from,” said Dakota Cary, a fellow at the Atlantic Council who has studied the company’s role in state-sponsored hacking. “When the investigators go to respond to it, they see that the attack is coming from your home router, not from China,” he said.
In September, FBI Director Christopher A. Wray said the Flax Typhoon attack successfully infiltrated universities, media organizations, corporations and government agencies, and in some cases caused significant financial losses as groups raced to replace the infected hardware. He said at the time that the operation to shut down the network was “one round in a much longer fight.”
U.S. officials said they still haven’t been able to expel Chinese government hackers from telecommunications companies and internet service providers following a separate large-scale attack known as Salt Typhoon. The hacks collected user data, as well as some voice messages and live audio calls from a number of high-profile political figures and U.S. officials. The full scope of the compromise is not yet known.
The Treasury sanctions bar Beijing Integrity Technology from access to U.S. financial systems and freeze any assets the company might hold in the United States, but the moves are unlikely to have a significant effect on the company, said the Atlantic Council’s Cary. The firm is listed on the Shanghai stock exchange and has limited international exposure.
China’s embassy in Washington and Beijing Integrity Technology did not immediately respond to a request for comment. Beijing’s foreign ministry has previously denied involvement in systemic state-backed hacking, and has accused the United States of falsely linking attacks to Chinese firms.
U.S. State Department spokesman Matthew Miller said in a statement that the push to target Beijing Integrity Technology was the outcome of a whole-of-government effort to protect the United States and its allies from “irresponsible and reckless.”
A 2024 assessment by the Office of the Director of National Intelligence said China is the most “active and persistent” cyberthreat and that actors under Beijing’s direction have made efforts to breach U.S. critical infrastructure with the intention of lying in wait to be able to launch attacks in the event of major conflict.
By Cate Cadell – Washingtonpost