Flax Typhoon  (Back to overview)

aka: Ethereal Panda, Storm-0919

Flax Typhoon is a Chinese state-sponsored threat actor that primarily targets organizations in Taiwan. They conduct espionage campaigns and focus on gaining and maintaining long-term access to networks using minimal malware. Flax Typhoon relies on tools built into the operating system and legitimate software to remain undetected. They exploit vulnerabilities in public-facing servers, use living-off-the-land techniques, and deploy a VPN connection to maintain persistence and move laterally within compromised networks.

Associated Families

There are currently no families associated with this actor.

The CrowdStrike Global Threat Report
Flax Typhoon
2023-08-24MicrosoftMicrosoft Threat Intelligence
Flax Typhoon using legitimate software to quietly access Taiwanese organizations
Flax Typhoon

Credits: MISP Project