Flax Typhoon

Actor Type: Nation State
Attributed to Nation: China
Directly Linked Intrusion Sets: RedJuliett, Ethereal Panda

Flax Typhoon is a cyber intrusion set tracked by researchers at Microsoft Threat Intelligence, who assess the group to be a nation-state adversary based in China. They have been observed targeting multiple organizations in Taiwan with a likely espionage motive: gaining access to organizations and then demonstrating an intent to maintain that access for as long as possible.

Flax Typhoon use living-off-the-land techniques alongside dedicated offensive security tooling such as China Chopper, Metasploit and Mimikatz. The group are also known to use the SoftEther VPN client.

Flax Typhoon are believed to overlap with ETHEREAL PANDA (CrowdStrike) and RedJuliett (Recorded Future).

Flax Typhoon Threat Reports

Report

Flax Typhoon using legitimate software to quietly access Taiwanese organizations

This blog post by Microsoft Threat Intelligence outlines the Flax Typhoon intrusion set and TTPs demonstrated by the group. It describes the actor ...

MITRE ATT&CK Techniques

MITRE ATT&CK techniques observed in use by this intrusion set.