The Treasury Department imposed sanctions on a Beijing-based cybersecurity firm on Friday, accusing it of helping Chinese hackers infiltrate U.S. communications systems and conduct surveillance on four continents.
In an announcement, the department said the company, Integrity Technology Group, had supported a Chinese state-sponsored hacking group known as Flax Typhoon in a campaign to break into foreign networks between the summer of 2022 and 2023, saying it having discovered that the group had “information sent to and received regularly by Integrity Tech infrastructure”.
The action came after the Treasury Department revealed in a letter to lawmakers this week that a Chinese intelligence agency had breached its systems in what appeared to be a spy operation, gaining access to government employee work and unclassified documents.
A department spokesperson did not say whether Flax Typhoon had been implicated in the attack on Treasury Department systems, or whether the sanctions were simply part of a larger operation to disrupt China’s cyber capabilities.
The sanctions also follow the far more damaging revelation last year that a group linked to Chinese intelligence agencies and known as Salt Typhoon had hacked into US telecommunications networks, targeting the telephone conversations and text messages of a number of major political figures, including President-elect Donald J. Trump.
Like Salt Typhoon, Flax Typhoon is among a handful of groups that Microsoft has publicly identified as linked to Chinese intelligence and responsible for a series of state-sponsored cyberattacks. The group has been active since 2021 and appears focused on targets in Taiwan and the United States, according to the Congressional Research Service.
“The Treasury Department will not hesitate to hold malicious cyber authors and their enablers accountable for their actions,” Bradley T. Smith, Under Secretary of the Treasury, said in a statement. “The United States will use all available tools to counter these threats as we continue to work collaboratively to strengthen public and private sector cyber defenses.”
In September, the FBI said it had shut down a network of 200,000 consumer devices in the United States and abroad that had been compromised with malware and weaponized by Flax Typhoon.
The sanctions announced Friday generally ban financial institutions and individuals from transacting with Integrity Technology Group and freeze all of its assets in the United States.
It was not immediately clear what the effect of the Treasury Department breach may have been, but the agency is an attractive target for state-sponsored hackers because of its Office of Foreign Assets Control, which is responsible for imposing sanctions and determine which individuals pose a threat to national security.