
Flax Typhoon

aka: Ethereal Panda, Storm-0919

Flax Typhoon is a Chinese state-sponsored threat actor that primarily targets organizations in Taiwan. They conduct espionage campaigns and focus on gaining and maintaining long-term access to networks using minimal malware. Flax Typhoon relies on tools built into the operating system and legitimate software to remain undetected. They exploit vulnerabilities in public-facing servers, use living-off-the-land techniques, and deploy a VPN connection to maintain persistence and move laterally within compromised networks.


Associated Families
elf.nosedive

References
2024-09-18 | Lumen | Black Lotus Labs
Derailing The Raptor Train
Nosedive
2024-09-18 | ASD, CNMF, CSE Canada, FBI, GCSB, NCSC UK, NSA
People’s Republic of China-Linked Actors Compromise Routers and IoT Devices for Botnet Operations
Nosedive
2024-09-18 | U.S. Department of Justice
Court-Authorized Operation Disrupts Worldwide Botnet Used by People’s Republic of China State-Sponsored Hackers
Nosedive
2024-09-18 | Lumen | Black Lotus Labs
Derailing the Raptor Train
Nosedive
2024-01-01 | CrowdStrike | CrowdStrike
The CrowdStrike Global Threat Report
Flax Typhoon
2023-08-24 | Microsoft | Microsoft Threat Intelligence
Flax Typhoon using legitimate software to quietly access Taiwanese organizations
Flax Typhoon

Credits: MISP Project