In a statement, the State Department described Integrity Technology as a major government contractor with close ties to China’s Ministry of State Security. The department alleged that hackers under Integrity’s direction targeted critical infrastructure in the U.S.
In a statement, the State Department described Integrity Technology as a major government contractor with close ties to China’s Ministry of State Security. The department alleged that hackers under Integrity’s direction targeted critical infrastructure in the U.S. and other countries, carrying out activities on behalf of the Chinese government.
Western intelligence officials have long linked Integrity Technology to Flax Typhoon. In September, FBI Director Christopher Wray accused the company of gathering intelligence and conducting reconnaissance for Chinese security agencies.
A joint advisory issued by the U.S., UK, Canada, Australia, and New Zealand further detailed the extent of the hacking group’s activities, claiming that Flax Typhoon had compromised over 250,000 devices worldwide.
Chinese officials have dismissed the accusations as unfounded, accusing the U.S. and its allies of "groundless allegations" and an unfair targeting of China in matters of cybersecurity.
The sanctions come amidst heightened scrutiny of Chinese cyber-espionage groups.
In addition to Flax Typhoon, groups like "Volt Typhoon" and "Salt Typhoon" have also been implicated in targeting sensitive U.S. data and infrastructure. American officials have expressed concerns that Volt Typhoon’s actions may be tied to preparations for potential conflict, while Salt Typhoon has reportedly infiltrated U.S. telecommunications systems.
The announcement follows reports of another Chinese-linked hacking incident last week, where an unidentified group breached the U.S. Treasury Department’s computer systems. The attackers reportedly accessed data from the department’s sanctions office, according to The Washington Post.
The sanctions on Integrity Technology signal a broader U.S. effort to counter growing cyber threats and underscore the ongoing tensions between the two global powers in the realm of digital security.
TechEchelon Staff bylines are produced collectively by the newsroom for short, breaking, and wire-style coverage. Longer-form reporting is published under the responsible reporter's name.
More from the Staff →CISA has confirmed active exploitation of CVE-2026-20253, a critical Splunk Enterprise flaw that allows unauthenticated remote attackers to manipulate files, and ordered federal civilian agencies to patch by Sunday under Binding Operational Directive 26-04.
Market intelligence platform Klue has confirmed attackers stole OAuth tokens connected to customer Salesforce environments on June 12, as the newly emerged Icarus extortion group publicly claims responsibility and the list of affected organizations continues to grow.
Human Rights Watch obtained Bulgarian export licensing records showing surveillance firm Circles sold phone-interception and geolocation tools to ten governments — including the UAE, Bahrain, and Azerbaijan — between 2018 and 2023, raising fresh questions about the EU's export control enforcement.
Written for readers who already know the basics — markets, AI, and the policy decisions that shape both.