US sanctions Chinese tech firm that targets critical infrastructure
The US has imposed sanctions on a Chinese company that it said has been involved in a series of cyber attacks on critical infrastructure organizations in the US and elsewhere.
According to the State Department, cyber security firm Integrity Technology Group provides services to Chinese national and municipal state security and public security bureaus, as well as other government contractors.
The US Treasury also said the firm is closely linked with Flax Typhoon, a Chinese state-sponsored cyber group that has been active since at least 2021. The group was first identified by Microsoft in 2023 after targeting dozens of organizations for the purposes of espionage, particularly relating to Taiwan. Under the new sanctions, Integrity Technology Group will be barred from doing business in the US or dealing with US financial institutions.
“The Treasury Department will not hesitate to hold malicious cyber actors and their enablers accountable for their actions,” said acting under-secretary of the Treasury for terrorism and financial intelligence Bradley T. Smith.
“The United States will use all available tools to disrupt these threats as we continue working collaboratively to harden public and private sector cyber defenses.”
Last September, the FBI – along with its Five Eyes partner nations – issued a joint advisory warning that Integrity Technology Group had been running a botnet consisting of over 260,000 compromised devices, such as small office/home office routers, firewalls, network-attached storage (NAS), and IoT devices.
It was, said the FBI, collecting intelligence and performing reconnaissance for Chinese government security agencies.
“The disruption of this worldwide botnet is part of the FBI’s commitment to using technical operations to help protect victims, expose publicly the scope of these criminal hacking campaigns, and use the adversary’s tools against them to remove malicious infrastructure from the virtual battlefield,” said FBI deputy director Paul Abbate.
“The FBI’s unique legal authorities allowed it to lead an international operation with partners that collectively disconnected this botnet from its China-based hackers at Integrity Technology Group.”
The new advisory also states that Flax Typhoon has compromised computer networks in North America, Europe, Africa, and Asia, with a particular focus on Taiwan. It exploits publicly known vulnerabilities to gain initial access and then uses legitimate remote access software to maintain control. The group successfully targeted a number of US and international corporations, universities, government agencies, telecommunications providers, and media organizations.
It accessed several hosts associated with US and European organizations between the summer of 2022 and the fall of 2023, using virtual private network software and remote desktop protocols. In 2023, it compromised multiple servers and workstations at a California-based organization, according to the Treasury.
According to a recent government threat assessment, malicious Chinese cyber actors are one of the most active and most persistent threats to US national security.
“These multi-agency efforts reflect our whole-of-government approach to protecting and defending against PRC cyber threats to Americans, our critical systems, and those of our allies and partners,” the State Department said.