Treasury imposes sanctions on Chinese firm over attack on U.S. routers. The cybersecurity company was linked to the Flax Typhoon attacks that infiltrated around 260,000 internet-connected devices ...

US authorities believe Flax Typhoon has operated since at least 2021 and has pursued a range of global targets, including US entities. The group often attacks critical infrastructure and ...

Flax Typhoon, the Treasury Department said, has targeted organizations within U.S. critical infrastructure sectors and has also worked since 2021 to compromise computer networks in North America, ...

Wray said Flax Typhoon appeared to build on the exploits and tactics of another China-linked hacking group, known as Volt Typhoon, which was identified by Microsoft in May of last year.

Wray said Flax Typhoon had routed malicious traffic through a network of hijacked devices called a "a botnet." In this case, the devices included cameras and digital storage devices that Wray said ...

The Treasury said in its statement that Flax Typhoon used infrastructure linked to Integrity Tech to compromise multiple U.S. and European organizations between mid-2022 and late-2023.

Flax Typhoon was first reported by Microsoft in August 2023, when the group's activities intensified, particularly against Taiwanese organizations. Older devices, ...

Between summer 2022 and fall 2023, Flax Typhoon accessed several systems associated with U.S. and European entities, Treasury said in a Friday statement that announced the sanctions.

Flax Typhoon, in contrast, was interested more in traditional espionage and information theft. Microsoft previously wrote that the hackers in the group went after telecommunications targets and ...

The FBI also connected the botnet to the Flax Typhoon state-sponsored hackers, saying that the control of Raptor Train was done through the Chinese company Integrity Technology Group ...

The Treasury Department says Integrity Tech operated Flax Typhoon's botnet—a network of at least 260,000 compromised devices that helped the attackers hide their identities.