Threat Actor: Flax Typhoon | Flax Typhoon
Victim: US critical infrastructure | US critical infrastructure
Key Point :
- Integrity Technology Group Inc. has been sanctioned for its role in cyber incidents attributed to Flax Typhoon.
- The Treasury Department experienced a breach via BeyondTrust, enabling data theft by state-backed actors.
- Previous attacks by another Chinese APT, Salt Typhoon, targeted T-Mobile USA in a cyber-espionage operation.
- The US Treasury emphasizes its commitment to holding malicious cyber actors accountable.
NEWS BRIEF
The US Department of Treasury has sanctioned China-based cybersecurity company Integrity Technology Group Inc. for its role in computer-intrusion incidents against US victims attributed to Chinese state-sponsored Flax Typhoon. The malicious actor has been active since at least 2021 and has targeted organizations in US critical infrastructure sectors.
In tandem, the Treasury Department earlier this week alerted lawmakers of a breach in its own systems through third-party cybersecurity vendor BeyondTrust, allowing Chinese state-backed threat actors to steal data from workstations.
And previously, Salt Typhoon, another Chinese APT, targeted T-Mobile USA in its widescale cyber-espionage operation, aiming to steal sensitive information from a variety of telecommunications companies.
“The Treasury Department will not hesitate to hold malicious cyber actors and their enablers accountable for their actions,” Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith, said in a statement. “The United States will use all available tools to disrupt these threats as we continue working collaboratively to harden public and private sector cyber defenses.”