Treasury Dept. Hits Chinese Tech Company With Sanctions After Breach

The agency imposed penalties on a company it blamed for supporting the Chinese hacking group Flax Typhoon in a 2022-23 infiltration.

The Treasury Department imposed sanctions on a Beijing-based cybersecurity company on Friday, blaming it for helping Chinese hackers infiltrate U.S. communications systems and conduct surveillance across four continents.

In an announcement, the department said the company, Integrity Technology Group, had supported a Chinese state-sponsored hacking group known as Flax Typhoon in a campaign to break into foreign networks between the summer of 2022 and 2023, saying it found the group had “routinely sent and received information from Integrity Tech infrastructure.”

The action came after the Treasury Department revealed in a letter to lawmakers this week that a Chinese intelligence agency had breached its systems in what appeared to be an espionage operation, gaining access to the workstations of government employees and unclassified documents.

A spokesman for the department did not specify whether Flax Typhoon had been implicated in the attack on the Treasury Department’s systems, or whether the sanctions were merely part of a larger operation to disrupt China’s cybercapabilities.

The sanctions also follow the much more damaging revelation last year that a group linked to Chinese intelligence agencies and known as Salt Typhoon had hacked U.S. telecommunications networks, targeting the telephone conversations and text messages of an array of top political figures, including President-elect Donald J. Trump.

Like Salt Typhoon, Flax Typhoon is among a handful of groups that Microsoft has publicly identified as being linked to Chinese intelligence and responsible for a range of state-sponsored cyberattacks. The group has been active since 2021 and appears focused on targets in Taiwan and the United States, according to the Congressional Research Service.

“The Treasury Department will not hesitate to hold malicious cyberactors and their enablers accountable for their actions,” Bradley T. Smith, an acting under secretary of the Treasury, said in a statement. “The United States will use all available tools to disrupt these threats as we continue working collaboratively to harden public and private sector cyberdefenses.”

In September, the F.B.I. said it had taken down a network of 200,000 consumer devices in the United States and abroad that had been compromised with malware and weaponized by Flax Typhoon.

The sanctions announced on Friday generally prohibit financial institutions and individuals from transacting with Integrity Technology Group, and freeze any of its assets in the United States.

It was not immediately clear what the breach of the Treasury Department may have achieved, but the agency represents an attractive target for state-sponsored hackers because of its Office of Foreign Assets Control, which is responsible for imposing sanctions and determining which individuals represent a threat to national security.