Sanctioning PRC Cyber Company Involved in Malicious Botnet Operations
Matthew Miller, Department Spokesperson The United States is imposing sanctions today on the Beijing-based cybersecurity company Integrity Technology Group, Incorporated (Integrity Tech), which has links to the People’s Republic of China (PRC) Ministry of State Security, for its role in multiple computer intrusion incidents against U.S. victims. Integrity Tech is a large PRC government contractor with ties to the Ministry of State Security. It provides services to country and municipal State Security and Public Security Bureaus, as well as other PRC cybersecurity government contractors. PRC-based hackers working for Integrity Tech, known to the private sector as “Flax Typhoon,” were working at the direction of the PRC government, targeting critical infrastructure in the United States and overseas. “Flax Typhoon” hackers have successfully targeted multiple U.S. and foreign corporations, universities, government agencies, telecommunications providers, and media organizations. On September 18, the Department of Justice announced a court-authorized operation to disrupt a botnet consisting of more than 200,000 consumer devices infected by Integrity Tech in the United States and worldwide. Along with Five Eyes partners, the United States issued a public cybersecurity advisory outlining some of the tactics employed by PRC-linked cyber actors and providing technical information to network defenders to remediate these threats. These multi-agency efforts reflect our whole-of-government approach to protecting and defending against PRC cyber threats to Americans, our critical systems, and those of our allies and partners. The United States will continue to use all the tools at its disposal to safeguard U.S. critical infrastructure and the American people from irresponsible and reckless cyber actors. The Department of the Treasury sanctions actions today were taken pursuant to Executive Order (E.O.) 13694, as amended. For more information, see DOJ’s press release, the cybersecurity advisory , and Treasury’s press release.
Matthew Miller, Department Spokesperson
The United States is imposing sanctions today on the Beijing-based cybersecurity company Integrity Technology Group, Incorporated (Integrity Tech), which has links to the People’s Republic of China (PRC) Ministry of State Security, for its role in multiple computer intrusion incidents against U.S. victims.
Integrity Tech is a large PRC government contractor with ties to the Ministry of State Security. It provides services to country and municipal State Security and Public Security Bureaus, as well as other PRC cybersecurity government contractors. PRC-based hackers working for Integrity Tech, known to the private sector as “Flax Typhoon,” were working at the direction of the PRC government, targeting critical infrastructure in the United States and overseas. “Flax Typhoon” hackers have successfully targeted multiple U.S. and foreign corporations, universities, government agencies, telecommunications providers, and media organizations.
On September 18, the Department of Justice announced a court-authorized operation to disrupt a botnet consisting of more than 200,000 consumer devices infected by Integrity Tech in the United States and worldwide. Along with Five Eyes partners, the United States issued a public cybersecurity advisory outlining some of the tactics employed by PRC-linked cyber actors and providing technical information to network defenders to remediate these threats.
These multi-agency efforts reflect our whole-of-government approach to protecting and defending against PRC cyber threats to Americans, our critical systems, and those of our allies and partners. The United States will continue to use all the tools at its disposal to safeguard U.S. critical infrastructure and the American people from irresponsible and reckless cyber actors.
The Department of the Treasury sanctions actions today were taken pursuant to Executive Order (E.O.) 13694, as amended. For more information, see DOJ’s press release, the cybersecurity advisory , and Treasury’s press release.