Flax Typhoon

Threat Actor updated 4 days ago (2024-09-03T16:18:09.215Z)
Flax Typhoon, a threat actor linked to China, has been identified as the perpetrator behind a series of cyber attacks targeting Taiwan. The group is known for a distinctive approach: it uses little malware and few custom payloads, relying heavily on legitimate applications instead. This tactic lets it infiltrate systems with a lower risk of detection, making its operations stealthy and effective. The tactics, techniques, and procedures (TTPs) employed by Flax Typhoon are consistent with those used in previous attacks attributed to the group. Notably, Microsoft reported that Flax Typhoon used the open-source client and server VPN software SoftEther to generate multiple TLS certificates, which enabled the group to establish encrypted communication channels with targeted networks and further enhanced its ability to conduct covert operations. There is also an overlap between Flax Typhoon and two other aliases, RedJuliett and Ethereal Panda, which suggests that these entities could be different operational facets of the same overarching group or closely associated groups. Understanding these connections can provide valuable insight into the broader strategies and objectives of these threat actors.
Description last updated: 2024-09-03T16:15:56.540Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
ID (Votes): Profile Description
Ethereal Panda (6): Ethereal Panda, also known as Flax Typhoon, is a threat actor believed to be based in China. The activities of this group strongly overlap with those reported under the aliases Flax Typhoon by Microsoft and Ethereal Panda by CrowdStrike. This correlation suggests that Ethereal Panda operates as a na
Redjuliett (2): RedJuliett, a Chinese state-sponsored threat group, has been implicated in persistent espionage attacks on approximately 75 organizations since 2023. This information was reported by Insikt Group, the threat research arm of Recorded Future. The targeted organizations span across government, academic
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Malware
Espionage
Vpn
Microsoft
Chinese
Taiwanese
Taiwan
Lateral Move...
Exploit
Web Shell
Analyst Notes & Discussion
Associated Malware
ID, Type (Votes): Profile Description
China Chopper, Unspecified (2): China Chopper is a well-known malware that has been utilized extensively by various cyber threat actors, including the notorious BRONZE UNION group. This web shell, designed to provide remote access and control over compromised web servers, was found embedded in multiple SharePoint server webshells
Source Document References
Information about the Flax Typhoon threat actor was read from the document corpus below. This display is limited to 20 results.
Source (Created At): Title
Securelist (4 days ago): Most interesting IR cases in 2023: insider threats and more
Securityaffairs (a month ago): SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Securityaffairs (a month ago): security-affairs-malware-newsletter-round-5
Securityaffairs (2 months ago): Security Affairs Malware Newsletter - Round 3
Securityaffairs (2 months ago): Security Affairs Malware Newsletter - Round 3
Securityaffairs (2 months ago): Security Affairs Malware Newsletter - Round 2
Recorded Future (2 months ago): Chinese State-Sponsored RedJuliett Intensifies Taiwanese Cyber Espionage via Network Perimeter Exploitation | Recorded Future
Securityaffairs (2 months ago): Security Affairs Malware Newsletter - Round 1
Securityaffairs (2 months ago): Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
BankInfoSecurity (2 months ago): Chinese Hackers Caught Spying on Taiwanese Firms
InfoSecurity-magazine (2 months ago): China-Based RedJuliett Targets Taiwan in Cyber Espionage Campaign
Recorded Future (2 months ago): Chinese State-Sponsored RedJuliett Intensifies Taiwanese Cyber Espionage via Network Perimeter Exploitation | Recorded Future
Securityaffairs (3 months ago): Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs (3 months ago): Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs (3 months ago): Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs (4 months ago): Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs (4 months ago): Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs (5 months ago): Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs (5 months ago): Security Affairs newsletter Round 466 by Pierluigi Paganini
Securityaffairs (5 months ago): Security Affairs newsletter Round 465 by Pierluigi Paganini