SYMBOL | COMMON_NAME | aka. SYNONYMS |
Flax Typhoon is a Chinese state-sponsored threat actor that primarily targets organizations in Taiwan. They conduct espionage campaigns and focus on gaining and maintaining long-term access to networks using minimal malware. Flax Typhoon relies on tools built into the operating system and legitimate software to remain undetected. They exploit vulnerabilities in public-facing servers, use living-off-the-land techniques, and deploy a VPN connection to maintain persistence and move laterally within compromised networks.
There are currently no families associated with this actor.
2024-01-01
⋅
CrowdStrike
⋅
The CrowdStrike Global Threat Report Flax Typhoon |
2023-08-24
⋅
Microsoft
⋅
Flax Typhoon using legitimate software to quietly access Taiwanese organizations Flax Typhoon |