Alston & Bird Privacy, Cyber & Data Strategy Blog

OFAC Announces Sanctions Against Chinese-Based Cybersecurity Company

By and

On January 3, 2025, the Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) announced sanctions on a Chinese-based cybersecurity company, Integrity Technology Group, Inc. (“Integrity Tech”). These sanctions were in response to Integrity Tech’s “role in multiple computer intrusion incidents against U.S. victims.”

The incidents have been attributed to Flax Typhoon, a Chinese state-sponsored threat actor. Flax Typhoon “used infrastructure tied to Integrity Tech during their computer network exploitation activities against multiple victims.” Flax Typhoon, active since at least 2021, has successfully targeted U.S. critical infrastructure as well as organizations such as universities, government agencies, telecommunications providers, and media organizations.

The sanctions were issued under Executive Order 13694, as amended by Executive Order 13757, which targets entities involved in cyber-enabled activities that threaten national security. Some of the implications of the sanctions from OFAC include:

  • All property and interests in property of Integrity Tech that are in the U.S. or in the possession or control of U.S. persons are blocked and must be reported to the OFAC.
  • S. individuals or entities are prohibited from engaging in transactions involving Integrity Tech.
  • S. entities that are owned 50% or more by Integrity Tech are blocked.
  • Financial institutions and other persons that engage in certain transactions or activities with Integrity Tech may expose themselves to sanctions or be subject to an enforcement action.

Integrity Tech responded to these sanctions by stating the decision by the OFAC lacks factual basis and characterized the accusations as baseless.

Bradley Smith, Acting Under Secretary for Terrorism and Financial Intelligence, emphasized that they “will not hesitate to hold malicious cyber actors and their enablers accountable for their actions.” This statement in addition to the sanctions from OFAC signal the U.S. Government’s continued effort to mitigate cyber threats within the U.S. As these cyber threats continue individuals and organizations should remain diligent in their efforts to maintain adequate security controls.

LinkedIn
Avatar photo

About Kim Peretti

A former DOJ cybercrime prosecutor and former director of PwC's cyber forensics group, Kim delivers top of the line cyber risk management and information security counsel to her clients. As co-leader of our Privacy, Cyber & Data Strategy Team, Kim is recognized by select publications and is frequently quoted by the media.

[Read Bio]

Avatar photo

About Carson Kuck

Carson draws on his experience supporting federal and state offices to help clients find solutions to their cybersecurity and data privacy matters.

[Read Bio]

Share to...
BufferCopyFlipboardHacker NewsLineLinkedInMessengerMixPinterestPocketPrintRedditSMSTelegramTumblrVKWhatsAppXingYummly