| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Flax Typhoon is a Chinese state-sponsored threat actor that primarily targets organizations in Taiwan. They conduct espionage campaigns and focus on gaining and maintaining long-term access to networks using minimal malware. Flax Typhoon relies on tools built into the operating system and legitimate software to remain undetected. They exploit vulnerabilities in public-facing servers, use living-off-the-land techniques, and deploy a VPN connection to maintain persistence and move laterally within compromised networks.
| 2024-09-18
⋅
Lumen
⋅
Derailing The Raptor Train Nosedive |
| 2024-09-18
⋅
People’s Republic of China-Linked Actors Compromise Routers and IoT Devices for Botnet Operations Nosedive |
| 2024-09-18
⋅
Court-Authorized Operation Disrupts Worldwide Botnet Used by People’s Republic of China State-Sponsored Hackers Nosedive |
| 2024-09-18
⋅
Lumen
⋅
Derailing the Raptor Train Nosedive |
| 2024-01-01
⋅
CrowdStrike
⋅
The CrowdStrike Global Threat Report Flax Typhoon |
| 2023-08-24
⋅
Microsoft
⋅
Flax Typhoon using legitimate software to quietly access Taiwanese organizations Flax Typhoon |