Security News > 2023 > August > China-Linked Flax Typhoon Cyber Espionage Targets Taiwan's Key Sectors
A nation-state activity group originating from China has been linked to cyber attacks on dozens of organizations in Taiwan as part of a suspected espionage campaign.
The Microsoft Threat Intelligence team is tracking the activity under the name Flax Typhoon, which is also known as Ethereal Panda.
"Flax Typhoon gains and maintains long-term access to Taiwanese organizations' networks with minimal use of malware, relying on tools built into the operating system, along with some normally benign software to quietly remain in these networks," the company said.
A majority of the targets include government agencies, educational institutions, critical manufacturing, and information technology organizations in Taiwan.
Initial access is facilitated by means of exploiting known vulnerabilities in public-facing servers and deploying web shells like China Chopper, followed by establishing persistent access over Remote Desktop Protocol, deploy a VPN bridge to connect to a remote server, and harvest credentials using Mimikatz.
While crossover of tactics and infrastructure among threat actors operating out of China isn't unusual, the findings paint the picture of a constantly evolving threat landscape, with adversaries shifting their tradecraft to become more selective in their follow-on operations.
News URL
https://thehackernews.com/2023/08/china-linked-flax-typhoon-cyber.html