US Sanctions Beijing-Based Cybersecurity Firm Over Alleged Links to China-Backed Hacking Group

Jordan Vega

January 03, 2025

The US government has taken a significant step in combating cyber threats by imposing sanctions on a Beijing-based cybersecurity company, Integrity Technology Group, over its alleged links to a China government-backed hacking group, Flax Typhoon. The Treasury Department's Office of Foreign Assets Control (OFAC) announced the sanctions on Friday, citing the company's role in "multiple computer intrusion incidents against U.S. victims," including critical infrastructure.

The sanctions come months after the US government accused Integrity Technology, also known as Yongxin Zhicheng, of running a botnet associated with the Flax Typhoon hacking group. The botnet, which was dismantled by the FBI in a court-authorized operation in September, comprised over 260,000 internet-connected devices, including cameras, storage devices, and routers. According to a joint advisory published by the FBI and the National Security Agency, the botnet had been operated and controlled by Integrity Technology Group since 2021 to conceal the activities of the Flax Typhoon hackers.

The Treasury Department stated that Flax Typhoon used infrastructure linked to Integrity Tech to compromise multiple US and European organizations between mid-2022 and late 2023. While the hacking victims were not named, the Treasury added that the China-backed hacking group compromised "multiple servers and workstations at a California-based entity." A separate press release published by the US Department of State on Friday revealed that Flax Typhoon successfully targeted multiple US universities, government agencies, telecommunications providers, and media organizations.

The new sanctions, which designate Integrity Tech as an organization involved in "malicious cyber-enabled activities," come just days after the Treasury confirmed it was subject to a cyberattack in December that it attributed to China government-backed hackers. The hackers reportedly targeted the Treasury's sanctions office, OFAC, during the intrusion, which gave the hackers remote access to Treasury employees and access to unclassified documents. US officials told The Washington Post that the intrusion may have given the hackers access to information about Chinese organizations that the US government may be considering designating for financial sanctions.

A spokesperson for the Treasury did not return TechCrunch's request for comment. In its statement Friday, the Treasury called Chinese malicious actors "one of the most active and most persistent threats" facing US national security, referencing the targeting of the Treasury's own IT infrastructure. Integrity Tech, which is traded on the Shanghai Stock Exchange, did not respond to TechCrunch's questions.

The sanctions against Integrity Tech mark a significant escalation in the US government's efforts to combat cyber threats emanating from China. The move is likely to have far-reaching implications for the cybersecurity industry, as it highlights the need for companies to be vigilant about their involvement in malicious activities. The incident also underscores the importance of international cooperation in combating cyber threats, as the US government continues to grapple with the challenges of attributing and responding to state-sponsored hacking activities.

In the broader context, the sanctions against Integrity Tech are part of a larger trend of increased tensions between the US and China in the cybersecurity domain. The incident is likely to fuel further debate about the role of nation-states in cyberattacks and the need for more effective deterrents against malicious activities. As the US government continues to navigate the complex landscape of cyber threats, the sanctions against Integrity Tech serve as a reminder of the importance of taking a proactive stance against malicious actors.


Copyright © 2024 Starfolk. All rights reserved.