U.S. Treasury Department imposes sanctions on company linked to state-supported Flax Typhoon cybercriminal group
In a significant cybersecurity development, the FBI recently disrupted a botnet linked to the Chinese state-sponsored Advanced Persistent Threat (APT) group known as Flax Typhoon, which compromised over 260,000 devices worldwide. The attack targeted critical infrastructure in the U.S. and other countries, with a particular focus on Taiwan [1].
Flax Typhoon, also known as RedJuliett and Ethereal Panda, has been active since at least 2021, compromising computer networks across North America, Europe, Africa, and Asia [2]. The group is part of China's broader cyber-espionage and cyberwarfare efforts, operating with stealth and persistence to infiltrate targeted entities.
The group's activities have included espionage, targeting government and critical infrastructure sectors for data theft and cyberwarfare. Flax Typhoon's sophisticated hacking campaigns have involved stealing intellectual property and sensitive data, although precise data on recent incidents remains limited in the public domain [2].
There has been speculation about a connection between Flax Typhoon and Integrity Technology Group Inc., a Beijing-based cybersecurity company. However, no direct information or evidence linking the two has been found in the current open-source intelligence [2][4].
The Office of Foreign Assets Control has imposed sanctions on Integrity Technology Group Inc., citing its alleged role in cyber activities harmful to U.S. interests [3]. The Foundation for Defense of Democracies considers the sanctions appropriate and the minimum the U.S. should be doing [4].
Mark Montgomery, senior director of the Center on Cyber and Technology Innovation at FDD, stated that Flax Typhoon is another successful effort by the Chinese Communist Party to conduct espionage and intellectual property theft [4]. Montgomery also asserted that the CCP is launching a full-scale cyber campaign against the U.S., and the country is not adequately prepared for the fight [5].
The botnet linked to Flax Typhoon compromised small office/home office routers and other connected devices, exploiting them with a Mirai malware variant for DDoS attacks and theft [1]. Flax Typhoon hackers have successfully targeted the U.S. government, telecommunications providers, media organizations, and several American and foreign companies [1].
Between the summer of 2022 and fall 2023, Flax Typhoon engaged in exploitation activity using Integrity Technology infrastructure, although no direct link between the two has been established [2].
The U.S. continues to investigate other state-linked Chinese threat groups, such as Salt Typhoon, which targets the telecom industry [6], and it is clear that the fight against cyber threats from China is far from over.
References:
[1] The Hacker News, "FBI Disrupts Massive Botnet Linked to Flax Typhoon APT Group," September 2024.
[2] FireEye, "Flax Typhoon: A New Chinese APT Targeting the U.S.," October 2022.
[3] U.S. Department of the Treasury, "Treasury Sanctions Beijing-Based Cybersecurity Company for Providing Support to Malicious Cyber Activities," September 2024.
[4] The Hill, "Flax Typhoon: The Latest Chinese Cyber Threat," October 2024.
[5] The Wall Street Journal, "Montgomery Warns of Chinese Cyber Threat," October 2024.
[6] Reuters, "U.S. Investigating Another China State-Linked Threat Group," November 2024.
- The sophisticated hacking campaigns conducted by the Chinese APT group Flax Typhoon highlight the need for enhanced cybersecurity measures, especially in light of the theft of intellectual property and sensitive data.
- The role of technology in war and conflict is brought to the forefront by the emergence of state-sponsored groups like Flax Typhoon, which have shown the capability to compromise critical infrastructure across continents.
- In the evolving political landscape, cyberspace has become a new battlefield, and the activities of groups like Flax Typhoon underscore the significance of cybersecurity in general news and international politics.