US Sanctions Chinese Firm Linked to Seized Botnet

Remember that massive botnet run by Chinese government hackers? Flax Typhoon 'compromised computer networks in North America, Europe, Africa, and across Asia, with a particular focus on Taiwan,' according to the U.S. Treasury Department. (The group's botnet breaching this autumn affected 'at least 260,000 internet-connected devices,' reports the Washington Post, 'roughly half of which were located in the United States.')

Friday America's Treasury Department sanctioned 'a Beijing-based cybersecurity company for its role in multiple computer intrusion incidents against U.S. victims...' according to an announcement from the department's Office of Foreign Assets Control. 'Between summer 2022 and fall 2023, Flax Typhoon actors used infrastructure tied to Integrity Tech during their computer network exploitation activities against multiple victims. During that time, Flax Typhoon routinely sent and received information from Integrity Tech infrastructure.'

From the Washington Post:

The group behind the attacks was active since at least 2021, but U.S. authorities only managed to wrest control of the devices from the hackers in September, after the FBI won a court order that allowed the agency to send commands to the infected devices...

Treasury's designation follows sanctions announced last month on Sichuan Silence Information Technology Company, in which U.S. officials accused the company of exploiting technology flaws to install malware in more than 80,000 firewalls, including those protecting U.S. critical infrastructure. The new sanctions on Beijing Integrity Technology are notable due to the company's public profile and outsize role in servicing China's police and intelligence services via state-run hacking competitions. The company, which is listed in Shanghai and has a market capitalization of more than $327 million, plays a central role in providing state agencies 'cyber ranges' — technology that allows them to simulate cyberattacks and defenses...

In September, FBI Director Christopher A. Wray said the Flax Typhoon attack successfully infiltrated universities, media organizations, corporations and government agencies, and in some cases caused significant financial losses as groups raced to replace the infected hardware. He said at the time that the operation to shut down the network was 'one round in a much longer fight....' A 2024 assessment by the Office of the Director of National Intelligence said China is the most 'active and persistent' cyberthreat and that actors under Beijing's direction have made efforts to breach U.S. critical infrastructure with the intention of lying in wait to be able to launch attacks in the event of major conflict.

'The Treasury sanctions bar Beijing Integrity Technology from access to U.S. financial systems and freeze any assets the company might hold in the United States,' according to the article, 'but the moves are unlikely to have a significant effect on the company,' (according to Dakota Cary, a fellow at the Atlantic Council who has studied the company's role in state-sponsored hacking).

Read more of this story at Slashdot.