Microsoft has tracked down a China-linked hacking operation called Flax Typhoon that appears to target Taiwan-based organizations for long-term access to their networks.
In a blog post, the tech giant said the activity used vulnerabilities in operating systems and applications to access the networks. Based on Microsoft’s observations, the threat actors linger on breached systems.
The company said the Flax Typhoon campaign’s final objective is unclear, noting only that it maintains access to targeted organizations “for as long as possible.” According to the blog post, the group has yet to use its credential access to perform other activities such as data exfiltration.
“While the actor’s observed behavior suggests Flax Typhoon [intends] to perform espionage and maintain their network footholds, Microsoft has not observed Flax Typhoon act on final objectives in this campaign,” it said.
The cyber operation was detected in North America, Africa, and Southeast Asia, but the group seems focused on targeting Taiwan, particularly government agencies and education, critical manufacturing and information technology organizations.
According to Microsoft, Flax Typhoon started its operations in mid-2021 with activity overlapping with another group identified as Ethereal Panda. It noted that the hacking group’s “distinctive pattern of malicious activity” could be replicated elsewhere.
To protect against Flax Typhoon’s unique techniques, the company urged organizations to implement vulnerability and patch management, particularly on systems and services connected to the public internet. It also advised organizations to close or change compromised accounts and to isolate compromised systems for further investigation.