Targeting the Shadows: A Bold Move Against a Malicious PRC Cyber Company

The United States is enacting sanctions today against the Beijing-headquartered cybersecurity firm Integrity Technology Group, Incorporated (Integrity Tech), which is connected to the People’s Republic of China (PRC) Ministry of State Security, due to its involvement in various computer breach incidents targeting U.S. entities.

Integrity Tech is a significant contractor for the PRC government with affiliations to the Ministry of State Security. It offers services to both national and municipal State Security and Public Security Bureaus, as well as additional PRC cybersecurity contractors. Hackers from the PRC associated with Integrity Tech, referred to in the private sector as “Flax Typhoon,” operated under the direction of the PRC government, aiming at critical infrastructure in the United States and abroad. These “Flax Typhoon” hackers have successfully assaulted numerous U.S. and international corporations, educational institutions, government bodies, telecommunications companies, and media outlets.

On September 18, the Department of Justice declared a court-sanctioned operation to dismantle a botnet comprising over 200,000 consumer devices infected by Integrity Tech in the United States and globally. In collaboration with Five Eyes partners, the United States released a public cybersecurity advisory detailing certain tactics utilized by PRC-affiliated cyber agents while providing technical guidance to network defenders for addressing these threats.

These collaborative efforts across multiple agencies exemplify our whole-of-government strategy for combating and defending against PRC cyber threats to citizens, our crucial systems, and those of our allies and partners. The United States will persist in employing all available resources to protect U.S. critical infrastructure and the safety of the American populace against irresponsible and reckless cyber threats.

The sanctions actions declared today by the Department of the Treasury were executed pursuant to Executive Order (E.O.) 13694, as updated. For further details, refer to DOJ’s press release, the cybersecurity advisory , and Treasury’s press release.