Integrity Tech — known colloquially by cybersecurity researchers as Flax Typhoon — was disrupted in a previous FBI takedown operation that dismantled a nexus of compromised cameras, routers, recorders and other everyday internet of things devices used to stage espionage activity into government agencies, media organizations and other firms.
The Integrity Tech botnet had infected some 260,000 devices by this past June, FBI Director Christopher Wray said in September when the takedown was announced.
Between summer 2022 and fall 2023, Flax Typhoon accessed several systems associated with U.S. and European entities, Treasury said in a Friday statement that announced the sanctions. “The actors maliciously used virtual private network software and remote desktop protocols to facilitate this access.”
The State Department said the group “successfully targeted multiple U.S. and foreign corporations, universities, government agencies, telecommunications providers and media organizations” in its own statement.
The syndicate of “Typhoon” monikers represents various Chinese government-backed hacking groups that have sought to gain footholds in U.S. and allied nations’ key systems for several years.
Volt Typhoon has broken into critical infrastructure like power plants and water systems, with the aim of shuttering them to cause societal panic should the U.S. enter military conflict with Beijing over claims to Taiwan. Salt Typhoon is an espionage unit that breached dozens of telecommunications providers and targeted communications of some 100 high-value political figures and officials.
The Treasury Department itself is reeling from a Chinese hack into its Departmental Offices systems and its Office of Foreign Assets Control, the latter of which carried out the sanctions against Integrity Tech. It’s not entirely clear if the action is a response to that hack, which was reported earlier this week.