The Department of the Treasury's Office of Foreign Assets Control (OFAC) has sanctioned Integrity Technology Group, Incorporated (Integrity Tech), a cybersecurity company based in Beijing. The sanctions were imposed due to the company's involvement in several computer intrusion incidents targeting U.S. victims. These incidents have been linked to Flax Typhoon, a Chinese state-sponsored cyber group active since at least 2021, known for targeting U.S. critical infrastructure sectors.

According to the most recent Annual Threat Assessment by the Office of the Director of National Intelligence, Chinese cyber actors are considered one of the most persistent threats to U.S. national security. They have continued to target U.S. government systems, including a recent incident involving Treasury's IT infrastructure.

"The Treasury Department will not hesitate to hold malicious cyber actors and their enablers accountable for their actions," stated Bradley T. Smith, Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence. "The United States will use all available tools to disrupt these threats as we continue working collaboratively to harden public and private sector cyber defenses."

A joint cybersecurity advisory was published on September 18, 2024, by the Federal Bureau of Investigation, Cyber National Mission Force, National Security Agency, and Five Eye partners. It highlighted Flax Typhoon's tactics and Integrity Tech’s role in supporting its activities.

Flax Typhoon has been targeting organizations within U.S. critical infrastructure sectors since at least 2021 and has compromised networks in North America, Europe, Africa, Asia, with a particular focus on Taiwan. The group exploits known vulnerabilities to access victims' computers and uses legitimate remote access software for network control.

From summer 2022 through fall 2023, Flax Typhoon accessed hosts associated with U.S. and European entities using virtual private network software and remote desktop protocols. In summer 2023, they compromised servers and workstations at a California-based entity.

During this period, Flax Typhoon utilized infrastructure tied to Integrity Tech for its network exploitation activities against multiple victims.

OFAC designated Integrity Tech under Executive Order (E.O.) 13694 as amended by E.O. 13757 due to its involvement in cyber-enabled activities that threaten U.S national security or economic stability.

As part of today's action, all property and interests in property belonging to the designated entity within the United States or controlled by U.S persons are blocked and must be reported to OFAC. Entities owned 50 percent or more by blocked persons are also blocked unless authorized by OFAC license or exemption.

Financial institutions engaging with sanctioned entities may face sanctions or enforcement actions if involved in prohibited transactions or activities.

OFAC emphasizes that sanctions aim not just at punishment but encouraging positive behavioral change while offering processes for removal from sanction lists when applicable.

For further information on designated individuals and entities today click here.