US sanctions Chinese company linked to Flax Typhoon hackers

Latest News on US Sanctions, Flax Typhoon Hackers, and Chinese Company Cyber Attacks

US Sanctions and Flax Typhoon Hackers

  1. US Sanctions Chinese Cyber Firm Linked to Flax Typhoon:

    • The US has imposed sanctions on a Chinese cybersecurity firm linked to the Flax Typhoon hacking group, which was involved in a botnet attack that hijacked connected devices to target government agencies [1][5].
  2. Flax Typhoon Botnet Dismantled:

    • In September 2024, the FBI dismantled the Flax Typhoon botnet, which was used to hijack connected devices and use them in attacks against government agencies [1].
  3. Salt Typhoon and Flax Typhoon Connection:

    • There is a connection between Salt Typhoon and Flax Typhoon, as both groups have been linked to cyber espionage operations targeting critical infrastructure sectors globally. Salt Typhoon has been particularly active in 2024, breaching at least nine US telecommunications companies [2][3].

Chinese Company Cyber Attacks

  1. US Treasury Data Breach:

    • A Chinese state-sponsored cyberattack compromised the US Treasury Department's systems through a vulnerability in the third-party cybersecurity provider BeyondTrust. The breach included classified documents related to President-elect Donald Trump, Vice President-elect JD Vance, and Vice President Kamala Harris's 2024 presidential campaign [3].
  2. Salt Typhoon Breaches:

    • Salt Typhoon has been identified as a China-linked Advanced Persistent Threat (APT) group that has breached telecommunications companies in dozens of countries, including at least eight US companies such as AT&T and Verizon [2][3].
  3. US Sanctions on Chinese Companies:

    • In December 2024, the US sanctioned a Chinese cybersecurity firm, Sichuan Silence, for alleged involvement in ransomware attacks. This move follows the broader trend of US sanctions against Chinese state-backed hacking groups [3].

Cybersecurity Measures

  1. US Government Guidance:

    • The US government has issued security guidance to telecommunications companies to disrupt the pattern of Chinese state-affiliated actors breaching domestic organizations. The guidance includes recommendations such as using comprehensive alerting mechanisms, leveraging network flow monitoring solutions, limiting exposure of management traffic to the Internet, and hardening various aspects of systems and devices [3].
  2. Supply Chain Attacks:

    • A recent supply chain attack compromised 36 Chrome extensions, highlighting the ongoing threat of cyber attacks through legitimate software channels [4].

These updates reflect the ongoing cybersecurity challenges posed by Chinese state-backed hacking groups and the measures being taken by the US government to mitigate these threats.