The United States government has announced today that it is imposing sanctions on Integrity Technology Group, Incorporated (Integrity Tech), a Beijing-based cybersecurity company with ties to the People’s Republic of China (PRC) Ministry of State Security. This move comes in response to Integrity Tech’s involvement in a series of cyberattacks targeting U.S. and international entities.
Malicious Cyber Operations Targeting Critical Infrastructure
Integrity Tech, a major PRC government contractor, has been implicated in facilitating malicious cyber operations through a group known as “Flax Typhoon.” These PRC-based hackers, working under the direction of the Chinese government, have carried out targeted intrusions against critical infrastructure both in the United States and overseas. The compromised targets include U.S. corporations, government agencies, universities, telecommunications providers, and media organizations.
The U.S. Department of Justice (DOJ) announced in September 2024 that it had disrupted a massive botnet of more than 200,000 consumer devices infected by Integrity Tech’s operations. This botnet, which spanned both domestic and international networks, posed significant risks to the integrity of global cybersecurity systems. The U.S. government, alongside its Five Eyes intelligence partners, issued a public cybersecurity advisory to alert organizations and provide technical guidance for defending against the malicious tactics employed by the PRC-linked cyber actors.
A Global Cybersecurity Threat
The sanctions against Integrity Tech are part of the U.S. government’s broader strategy to confront and mitigate the growing threat posed by PRC cyber actors. The company has long been known for providing services to PRC State Security and Public Security Bureaus, which oversee intelligence and law enforcement activities in China. Integrity Tech’s extensive role in facilitating cyberattacks makes it a key player in the Chinese government’s ongoing efforts to undermine global cybersecurity.
“Flax Typhoon” is known for its sophisticated and widespread operations, which have successfully infiltrated a variety of sectors, including the critical infrastructure of the U.S. and its allies. The scale of the operation, coupled with the targeted nature of the cyber intrusions, underscores the urgency of the sanctions.
U.S. Commitment to Protecting Critical Infrastructure
In today’s statement, U.S. Treasury Secretary Janet Yellen highlighted that the sanctions reflect the United States’ commitment to defending its critical infrastructure and holding accountable those who seek to compromise cybersecurity worldwide. “The United States will continue to use every tool at its disposal to safeguard our critical infrastructure from malicious actors, including those linked to the PRC government,” said Yellen.
The sanctions against Integrity Tech were imposed under Executive Order 13694, as amended, which targets cyber actors involved in malicious activities that threaten the national security, foreign policy, or economic interests of the United States. The U.S. Treasury Department has made it clear that this action represents a broader effort to address the increasing threat of cyber operations that undermine global cybersecurity and endanger private-sector and public-sector systems.
A Whole-of-Government Approach to Cybersecurity
This latest round of sanctions is part of the U.S. government’s ongoing, whole-of-government strategy to combat the growing cyber threat from China. The DOJ’s intervention in dismantling the botnet in September was a coordinated effort to disrupt the malicious activities of PRC-linked actors. The advisory issued in partnership with Five Eyes allies provided important resources to help companies and institutions protect their networks from further incursions.
“The United States and its partners will continue to work together to identify, expose, and disrupt cyber threats,” said Secretary of State Antony Blinken. “Our efforts reflect our determination to protect the American people and our allies from reckless and irresponsible cyber actors.”
Next Steps and Global Cooperation
The U.S. government continues to take action to defend against cyber threats from the PRC and other state-sponsored actors. By utilizing its legal and diplomatic tools, the United States aims to hold those responsible for cybercrimes accountable and mitigate risks to global security. As cyberattacks become increasingly complex and pervasive, international cooperation is essential to ensuring a safer and more secure digital environment for all.
For more details on today’s sanctions and related actions, see the U.S. Treasury Department’s press release and the DOJ’s announcement.
The Department of the Treasury sanctions actions today were taken pursuant to Executive Order (E.O.) 13694, as amended. For more information, see DOJ’s press release, the cybersecurity advisory , and Treasury’s press release.