US sanctions Chinese cyber firm linked to Flax Typhoon hacks

2025/1/3
TechCrunch Industry News

People
U.S. government
Topics
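The U.S. government has accused Beijing-based cybersecurity company Integrity Technology Group of being linked to the Chinese government-backed hacking group "Flax Typhoon" and of taking part in multiple computer intrusion incidents against U.S. civilians and critical infrastructure. Integrity Technology Group is accused of operating a botnet of more than 260,000 internet-connected devices (including cameras, storage devices, and routers) that has been used since 2021 to conceal the activities of the Flax Typhoon hackers. The botnet was used between mid-2022 and late 2023 to compromise multiple organizations in the United States and Europe, including multiple servers and workstations at a California-based entity. In addition, Flax Typhoon successfully attacked multiple U.S. universities, government agencies, telecommunications providers, and media organizations. The U.S. government considers Chinese malicious actors to be among the most active and most persistent threats to U.S. national security, and these sanctions are the latest action taken against Chinese government-backed hacking. Notably, a few days before the sanctions on Integrity Technology Group were imposed, the U.S. Treasury itself suffered a cyberattack believed to come from Chinese government-backed hackers. The attack targeted the Treasury's sanctions office (OFAC), and the hackers gained remote access to Treasury employees and access to unclassified documents.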

This is TechCrunch. This episode is brought to you by Shopify.

The U.S. government has sanctioned a Beijing-based cybersecurity company over its alleged links to a China government-backed hacking group tracked as Flax Typhoon.

So on Friday, the Treasury Department's Office of Foreign Assets Control announced the sanctions against the Integrity Technology Group for its role in multiple computer intrusion incidents against U.S. civilians, including U.S. critical infrastructure. The sanctions land months after the U.S. government accused Integrity Technology of running a botnet associated with the Flax Typhoon hacking group.

The botnet, which was dismantled by the FBI in a court-authorized operation in September, was made up of more than 260,000 internet-connected devices, including cameras, storage devices, and routers. That's according to a joint advisory published by the FBI and the NSA at the time. The agencies said the botnet had been operated and controlled by the Integrity Technology Group since 2021, and used to conceal the activities of the Flax Typhoon hackers.

The Treasury said in its statement that Flax Typhoon used infrastructure linked to Integrity Tech to compromise multiple U.S. and European organizations between mid-2022 and late 2023.

The hacking victims were not named, but the Treasury added that the China-backed hacking group compromised multiple servers and workstations at a California-based entity. According to a separate press release published by the U.S. Department of State on Friday, Flax Typhoon successfully targeted multiple U.S. universities, government agencies, telecommunications providers, and media organizations.

The new sanctions, which designate Integrity Tech as an organization involved in malicious cyber-enabled activities, come just days after the Treasury confirmed it was subject to a cyber attack back in December that it attributed to China government-backed hackers.

The hackers reportedly targeted the Treasury's sanctions office, the OFAC, during the intrusion, which gave the hackers remote access to Treasury employees and access to unclassified documents. U.S. officials told the Washington Post that the intrusion may have given the hackers access to information about Chinese organizations that the U.S. government may be considering designating for financial sanctions.

A spokesperson for the Treasury did not return TechCrunch's request for comment. In its statement Friday, the Treasury called Chinese malicious actors one of the most active and most persistent threats facing U.S. national security, referencing the targeting of the Treasury's own IT infrastructure. Integrity Tech, which is traded on the Shanghai Stock Exchange, also did not respond to TechCrunch's questions.