U.S. Sanctions Chinese Cybersecurity Firm for State-Backed Hacking Campaigns

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Friday issued sanctions against a Beijing-based cybersecurity company known as Integrity Technology Group, Incorporated for orchestrating several cyber attacks against U.S. victims.
These attacks have been publicly attributed to a Chinese state-sponsored threat actor tracked as Flax Typhoon (aka Ethereal Panda or RedJuliett), which was outed last year as operating an Internet of Things (IoT) botnet called Raptor Train.
The hacking crew has been active since at least mid-2021, targeting various entities across North America, Europe, Africa, and across Asia. Attacks mounted by Flax Typhoon have typically leveraged known vulnerabilities to gain initial access to victims' computers and then make use of legitimate remote access software to maintain persistent access.
The Treasury Department described Chinese malicious cyber actors as one of the "most active and most persistent threats to U.S. national security," repeatedly targeting U.S. government systems, including those associated with the federal agency.
"The Treasury Department will not hesitate to hold malicious cyber actors and their enablers accountable for their actions," said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith. "The United States will use all available tools to disrupt these threats as we continue working collaboratively to harden public and private sector cyber defenses."
Integrity Group, also known as Yongxin Zhicheng, has been accused of providing infrastructure support to Flax Typhoon cyber campaigns between mid-2022 and late-2023, with the U.S. Department of State classifying it as a government contractor with ties to the People's Republic of China (PRC) Ministry of State Security. It was established in September 2010.
"It provides services to country and municipal State Security and Public Security Bureaus, as well as other PRC cybersecurity government contractors," the State Department noted.
"'Flax Typhoon' hackers have successfully targeted multiple U.S. and foreign corporations, universities, government agencies, telecommunications providers, and media organizations."
PLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN Apps
Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution
CVE-2025-22224 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability
CVE-2020-29574 CyberoamOS (CROS) SQL Injection Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2022-43939 Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability
CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability
CVE-2022-43769 Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability
CVE-2024-40890 Zyxel DSL CPE OS Command Injection Vulnerability
CVE-2025-24983 Microsoft Windows Win32k Use-After-Free Vulnerability
CVE-2017-0148 Microsoft SMBv1 Server Remote Code Execution Vulnerability
CVE-2024-20953 Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability
InformationalInformation Disclosure - Suspicious Comments
InformationalRe-examine Cache-control Directives
Free online web security scanner