US Sanctions Chinese Cyber Firm Tied to Flax Typhoon Hacking Operations

US Sanctions Chinese Cyber Firm Tied to Flax Typhoon Hacking Operations

The U.S. government has imposed sanctions on a Beijing-based cybersecurity firm, Integrity Technology Group, due to its alleged connections with the China-backed hacking group known as Flax Typhoon. These sanctions highlight ongoing concerns regarding cybersecurity threats originating from state-sponsored actors.

Sanctions Against Integrity Technology Group

On Friday, the Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions against Integrity Technology Group, also referred to as Yongxin Zhicheng. This action is a response to the company’s involvement in “numerous computer intrusion incidents impacting U.S. victims,” including critical infrastructure.

Connection to Flax Typhoon Hacking Group

The sanctions come several months after U.S. authorities accused Integrity Technology of managing a botnet linked to the Flax Typhoon hacking group. In September, the FBI successfully dismantled this botnet, which had compromised over 260,000 internet-connected devices, such as cameras, routers, and storage devices. According to a joint advisory from the FBI and the National Security Agency (NSA), Integrity Technology had been controlling this botnet since 2021 to obscure the activities of the hackers.

Impact on U.S. and European Organizations

The Treasury’s announcement revealed that Flax Typhoon utilized infrastructure associated with Integrity Technology to breach several U.S. and European organizations between mid-2022 and late-2023. Notably, the hacking group compromised “multiple servers and workstations at a California-based entity,” although specific victims were not disclosed.

Targets of the Hacking Group

According to a separate press release from the U.S. Department of State, Flax Typhoon successfully infiltrated:

  • Multiple U.S. universities
  • Government agencies
  • Telecommunications providers
  • Media organizations

Recent Cyberattacks and National Security Concerns

The recent sanctions come shortly after the Treasury confirmed it experienced a cyberattack in December attributed to Chinese state-sponsored hackers. This attack specifically targeted the Treasury’s sanctions office, OFAC, allowing hackers remote access to employees and unclassified documents.

READ ALSO  Exploring the Influential Figures in Elon Musk's DOGE Universe

U.S. officials indicated to The Washington Post that the breach could have provided hackers with sensitive information regarding Chinese entities that might be considered for financial sanctions.

Ongoing Threats from Chinese Cyber Actors

A spokesperson for the Treasury has not responded to inquiries from TechCrunch. Nonetheless, the Treasury has described Chinese malicious actors as “one of the most active and persistent threats” to U.S. national security, particularly in light of their targeting of the Treasury’s IT infrastructure.

Integrity Technology Group, which is publicly traded on the Shanghai Stock Exchange, has yet to comment on this matter.

Source link

Similar Posts

Trump Administration Makes Controversial Move: Dismisses Cybersecurity Review Board Members in 'Shortsighted' Decision

Trump Administration Makes Controversial Move: Dismisses Cybersecurity Review Board Members in ‘Shortsighted’ Decision

Bysupport

On January 21, 2021, the Department of Homeland Security (DHS) announced the termination of its advisory committees, including the Cyber Security Review Board (CSRB), raising cybersecurity concerns. Experts criticized the decision, highlighting its shortsightedness amid ongoing cyber threats from China. A CSRB member warned that halting the board’s review could jeopardize national security. The DHS cited resource mismanagement as the rationale for disbanding the committees, despite members being unpaid. Experts hope future appointments will prioritize merit over political affiliations. The CSRB’s critical role in analyzing significant cyber breaches underscores the need for effective cybersecurity strategies moving forward.

Massive US Government Data Breach: The Largest Cybersecurity Incident Unfolding Now

Massive US Government Data Breach: What You Need to Know Now

Bysupport

Elon Musk’s advisory board, the Department of Government Efficiency (DOGE), has gained alarming access to sensitive U.S. government data, including personal information of millions of federal employees and a $6 trillion payment system. Comprised mainly of young staff from Musk’s companies, DOGE’s questionable cybersecurity practices, such as using personal email accounts for government communications, have raised concerns among lawmakers and cybersecurity experts. The lack of oversight and transparency regarding staff security clearances has led to fears of potential data breaches, national security risks, and legal repercussions. Lawmakers are demanding clarity on DOGE’s operations and authority as the situation unfolds.

Global Law Enforcement Unites to Dismantle Major Cybercrime and Hacking Forums

Global Law Enforcement Unites to Dismantle Major Cybercrime and Hacking Forums

Bysupport

An international coalition led by Europol and Germany’s BKA has dismantled two major hacking forums, Cracked and Nulled, with over 10 million users, in an operation called Operation Talent. The crackdown, conducted from Tuesday to Thursday, resulted in two arrests, the seizure of 17 servers, 50 electronic devices, and €300,000 in cash and cryptocurrency. These forums were key platforms for cybercrime transactions involving stolen data and malware. The operation involved multiple international agencies, including the FBI, and underscores ongoing efforts to combat cybercrime, following previous successful takedowns of similar platforms.

10 Warning Signs Your Online Accounts May Have Been Hacked: Stay Secure!

10 Warning Signs Your Online Accounts May Have Been Hacked: Stay Secure!

Bysupport

As cybersecurity threats increase, it’s essential to protect your online presence from potential breaches targeting bank accounts and personal information. Key security practices include enabling Multi-Factor Authentication (MFA), monitoring account activity, updating passwords regularly, and using security keys. Specific account security tips are provided for platforms like Gmail, Microsoft Outlook, LinkedIn, and more, guiding users on how to check for unauthorized access and secure their accounts. By proactively managing account security, individuals can significantly reduce the risk of unauthorized access and protect their digital information. For further guidance, refer to Access Now’s Digital Security Helpline.

Unlocking Success: Why AI Startups Must Harness Proprietary Data to Differentiate Themselves

Empowered Victims Unite: How PowerSchool Data Breach Survivors Collaborated to Uncover the ‘Massive’ Hack

Bysupport

On January 7, 2023, Romy Backus, an administrator at the American School of Dubai, learned about a significant data breach affecting her school, linked to PowerSchool, a major education technology provider. Hackers compromised sensitive information, including Social Security numbers and academic records, impacting over 60 million students across North America. In response, Backus initiated breach protocols and collaborated with other schools to share information and develop a guide on the breach. Despite PowerSchool’s quick alert, communication proved confusing. The incident highlighted the need for improved cybersecurity measures and collaboration within the education sector, with community support emerging as vital.

Drata Expands Security Compliance Solutions with $250M Acquisition of SafeBase

Drata Expands Security Compliance Solutions with $250M Acquisition of SafeBase

Bysupport

Drata, a prominent security compliance automation platform, has acquired software security review startup SafeBase for $250 million to enhance its compliance offerings for frameworks like SOC 2 and GDPR. Founded in 2020, SafeBase will operate independently while integrating its AI-driven solutions that streamline security questionnaire processes into the Drata platform. With $53.1 million in venture funding and a client base exceeding 1,000, including major companies like LinkedIn and CrowdStrike, SafeBase’s innovative tools, such as custom AI models and analytics dashboards, aim to improve organizational security posture. This acquisition reflects Drata’s commitment to meeting the growing demand for trust management solutions.