
China’s Flax Typhoon Targets Taiwan

August 28, 2023

A nation-state activity group based in China, known as Flax Typhoon, has been identified in a series of cyber attacks targeting multiple organizations in Taiwan. Microsoft Threat Intelligence, which is closely monitoring the situation, has linked these activities to Flax Typhoon, a group also recognized as Ethereal Panda.

The group’s approach stands out for its minimal use of malware: it relies instead on operating system tools and seemingly benign software to infiltrate Taiwanese organizations’ networks and maintain access covertly. The group has not yet been observed using its access for data collection or exfiltration. Most of its targets are governmental bodies, educational institutions, critical manufacturing, and IT organizations in Taiwan.

Ethereal Panda, as described by CrowdStrike, concentrates its efforts on academic, technology, and telecommunications sectors in Taiwan. The group’s tactics emphasize persistence, lateral movement, and the acquisition of credentials, employing living-off-the-land techniques alongside hands-on keyboard activity to achieve its objectives.

In line with evolving threat actor practices, Flax Typhoon initiates its attacks by exploiting known vulnerabilities in public-facing servers. It then deploys web shells such as China Chopper and establishes lasting access through techniques like Remote Desktop Protocol (RDP) and VPN bridges to remote servers, all the while harvesting credentials using tools like Mimikatz.

Of note is the modification of Sticky Keys behavior, enabling Flax Typhoon to execute post-exploitation actions on compromised systems. Moreover, the group leverages LOLBins, such as Windows Remote Management (WinRM) and WMIC, for lateral movement within compromised networks. CrowdStrike’s insight also indicates the group’s exploitation of an Apache Tomcat instance, using it to breach an undisclosed organization and subsequently dump credentials using ProcDump and Mimikatz.
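
For defenders, the Sticky Keys and LOLBin activity described above can be hunted in process-creation telemetry. The following is an added example, not code from Microsoft, CrowdStrike or this site: the event records are constructed, the field names loosely follow Sysmon Event ID 1, and the rule names and heuristics are assumptions to tune per environment.

```python
import re

# Constructed process-creation events; field names loosely follow Sysmon Event ID 1.
SYS = "C:\\Windows\\System32\\"
EVENTS = [
    # Legitimate Sticky Keys prompt at the logon screen.
    {"host": "WEB01", "image": SYS + "sethc.exe", "original": "sethc.exe",
     "parent": SYS + "winlogon.exe", "cmdline": "sethc.exe 211"},
    # Another binary started in place of sethc.exe (debugger-style redirection).
    {"host": "WEB01", "image": SYS + "Taskmgr.exe", "original": "Taskmgr.exe",
     "parent": SYS + "winlogon.exe", "cmdline": "taskmgr.exe sethc.exe 211"},
    # File named sethc.exe whose embedded original name is a different program.
    {"host": "WEB02", "image": SYS + "sethc.exe", "original": "Cmd.Exe",
     "parent": SYS + "winlogon.exe", "cmdline": "sethc.exe 211"},
    # Local WMIC inventory query: common admin use, not flagged.
    {"host": "HR07", "image": SYS + "wbem\\WMIC.exe", "original": "wmic.exe",
     "parent": SYS + "cmd.exe", "cmdline": "wmic os get caption"},
    # WMIC pointed at another host.
    {"host": "WEB01", "image": SYS + "wbem\\WMIC.exe", "original": "wmic.exe",
     "parent": SYS + "cmd.exe", "cmdline": "wmic /node:FILE02 process list brief"},
    # Process started by the WinRM remoting host.
    {"host": "FILE02", "image": SYS + "whoami.exe", "original": "whoami.exe",
     "parent": SYS + "wsmprovhost.exe", "cmdline": "whoami"},
]

def _name(path):
    return path.rsplit("\\", 1)[-1].lower()

def classify(ev):
    """Return the list of rule names an event matches (empty list means no hit)."""
    image, parent = _name(ev["image"]), _name(ev["parent"])
    cmd, hits = ev["cmdline"].lower(), []
    if parent == "winlogon.exe" and image != "sethc.exe" and "sethc.exe" in cmd:
        hits.append("sticky-keys-redirect")
    if image == "sethc.exe" and ev["original"].lower() != "sethc.exe":
        hits.append("sticky-keys-replaced")
    if image == "wmic.exe" and re.search(r"/node:\s*\S", cmd):
        hits.append("wmic-remote")
    if parent == "wsmprovhost.exe":
        hits.append("winrm-child")
    return hits

def triage(events):
    """Keep only events that matched at least one rule."""
    return [(ev["host"], hits) for ev in events if (hits := classify(ev))]

if __name__ == "__main__":
    for host, hits in triage(EVENTS):
        print(host, ",".join(hits))
```

Remote WMIC and WinRM use is routine in many environments, so those two rules are triage signals to correlate with the Sticky Keys hits rather than alerts on their own.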

These developments follow Microsoft’s previous exposure of another China-linked actor, Volt Typhoon, which relied exclusively on living-off-the-land techniques to exfiltrate data. These findings illuminate the dynamic nature of the cyber threat landscape, showcasing adversaries’ adaptability and underscoring the importance of proactive cybersecurity measures in a constantly evolving environment.

Reference:
  • China-based ‘Flax Typhoon’ hackers targeting Taiwan govt: Microsoft
  • Flax Typhoon using legitimate software to quietly access Taiwanese organizations