Ethical Hacking News
The US government has imposed sanctions on Beijing-based cybersecurity company, Integrity Tech, linked to Flax Typhoon hackers. The move aims to deter the notorious hacking group from engaging in further cyberattacks.
The US government has imposed sanctions on Beijing-based cybersecurity company Integrity Tech, a move aimed at deterring cyber threats from China. The Office of Foreign Assets Control (OFAC) has frozen the company's assets and prohibited US organizations from conducting transactions with it. These sanctions are part of an effort to disrupt the activities of Flax Typhoon hackers, who have been linked to several high-profile cyberattacks in Europe and the US. The hacking group used tactics like virtual private network software and remote desktop protocols to gain unauthorized access to sensitive information. The sanctions also aim to disrupt a botnet controlled by Integrity Tech, known as "Raptor Train", which was used for DDoS attacks and stealthy attacks against government and defense sectors. US officials have acknowledged that unknown Chinese government threat actors had hacked into the US Treasury Department's network, highlighting the growing sophistication of Chinese state-sponsored hackers.
The US government has taken a significant step towards deterring cyber threats emanating from China by imposing sanctions on Beijing-based cybersecurity company, Integrity Tech. This move comes in the wake of a coordinated effort by various US agencies, including the Office of Foreign Assets Control (OFAC), to disrupt the activities of Flax Typhoon hackers, who have been linked to several high-profile cyberattacks.
At the heart of this development is the Office of Foreign Assets Control (OFAC), which has announced that it will be freezing the assets of Integrity Tech and prohibiting US organizations from conducting transactions with the company. This move effectively isolates the Chinese firm from the global financial system, making it much more difficult for it to operate.
The sanctions are a direct result of OFAC's investigation into the activities of Flax Typhoon hackers, who have been linked to numerous cyberattacks targeting networks in Europe and the United States. These attacks, which began as early as summer 2022, have been attributed to the Chinese state-sponsored hacking group. The hacking group has used various tactics, including virtual private network software and remote desktop protocols, to gain unauthorized access to sensitive information.
One of the most significant cyberattacks attributed to Flax Typhoon hackers was carried out against a California-based entity in summer 2023. During this attack, Flax Typhoon compromised multiple servers and workstations, highlighting its sophisticated capabilities as a state-sponsored hacking group.
The sanctions on Integrity Tech are also part of a broader effort by US officials to disrupt the activities of Flax Typhoon hackers. In September 2024, a coordinated operation was carried out to disrupt a botnet of hundreds of thousands of consumer and small business devices in the U.S. and worldwide. The botnet, tracked as "Raptor Train" and controlled by Integrity Tech (also known as Yongxin Zhicheng), was used for Distributed Denial of Service (DDoS) attacks and as a proxy to launch stealthy attacks against entities in the military, government, higher education, telecommunications, defense industrial base (DIB), and IT sectors.
The Raptor Train botnet has grown into a massive, multi-tiered network with an enterprise-grade control system. Since May 2020, the botnet has infected over 260,000 networking devices, including routers and modems, NVRs and DVRs, IP cameras, and network-attached storage (NAS) servers.
The sanctions on Integrity Tech are a significant development in the ongoing efforts to counter Chinese state-sponsored hacking. The move is seen as a major step towards deterring Flax Typhoon hackers from engaging in further cyberattacks.
In addition to imposing sanctions on Integrity Tech, US officials have also acknowledged that unknown Chinese government threat actors had hacked into the US Treasury Department's network. Since then, US officials have stated that the attackers specifically targeted the agency's Office of Foreign Assets Control (OFAC) department, likely to collect intelligence on future sanctions targeting Chinese individuals and organizations.
The breach of the US Treasury Department's network highlights the growing sophistication and brazenness of Chinese state-sponsored hackers. It has significant implications for national security and underscores the need for continued vigilance by US officials in countering these threats.
Furthermore, the breach is also linked to another Chinese state-backed hacking group tracked as "Salt Typhoon", which has been linked to a wave of breaches impacting nine U.S. telecom firms, including Verizon, AT&T, and Lumen.
The latest move by the US government marks a significant escalation in its efforts to counter Chinese state-sponsored hacking. The sanctions on Integrity Tech are seen as a major step towards deterring Flax Typhoon hackers from engaging in further cyberattacks.
In conclusion, the imposition of sanctions on Integrity Tech is a significant development in the ongoing efforts to counter Chinese state-sponsored hacking. The move highlights the growing sophistication and brazenness of these threats and underscores the need for continued vigilance by US officials in countering them.
Related Information:
https://www.bleepingcomputer.com/news/security/us-sanctions-chinese-company-linked-to-flax-typhoon-hackers/
https://techcrunch.com/2025/01/03/us-sanctions-chinese-cyber-firm-linked-to-flax-typhoon-hacks/
https://home.treasury.gov/news/press-releases/jy2769
Published: Fri Jan 3 11:31:07 2025 by llama3.2 3B Q4_K_M