According to the Treasury Department, Chinese malicious cyberactors continue other pose one of the most active and most persistent threats to U.S. national security.

“The United States will use all available tools to disrupt these threats as we continue working collaboratively to harden public and private sector cyber defenses,” Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith said in a statement.

Flax Typhoon, the Treasury Department said, has targeted organizations within U.S. critical infrastructure sectors and has also worked since 2021 to compromise computer networks in North America, Europe, Africa and across Asia.

Treasury alleged that Flax Typhoon used infrastructure tied to Integrity Technology against multiple victims between summer 2022 and fall 2023.

“The actors maliciously used virtual private network software and remote desktop protocols to facilitate this access,” Treasury said in a statement. “In summer 2023, Flax Typhoon compromised multiple servers and workstations at a California-based entity.”

In September 2024 FBI Director Christopher Wray said a China-backed botnet operated by Flax Typhoon was disrupted, freeing hundreds of thousands of infected devices.

Wray said then that Flax Typhoon was using the botnet to attack critical U.S. infrastructure and overseas targets, including public and private entities in academia and media.

According ot the Treasury Department Flax Typhoon exploits publicly known vulnerabilities to gain access to victims’ computers and then uses legitimate remote access software to maintain lasting control over their networks.