Chinese Flax Typhoon: Why Do Invisible Hackers Penetrate Without Action?

Microsoft has reported a new spy operation conducted by hackers linked to the Chinese government. The group, known as Flax Typhoon, has been actively targeting numerous organizations in Taiwan since mid-2021. Microsoft has stated that the hackers not only aim to spy on Taiwanese organizations but also to maintain access to organizations in various industries for an extended period.

The primary targets of the hackers are government institutions, as well as organizations in education, manufacturing, and information technology. However, there have also been victims in Southeast Asia, North America, and Africa.

Using built-in features of the operating system and legitimate software, the hackers silently infiltrate the networks of their target organizations. Microsoft has not yet observed any further actions by the hackers after gaining access. It is speculated that Flax Typhoon may be operating as an initial access broker, selling persistent, covert access to the compromised systems to other cybercrime groups.

This operation is one of several that have been detected following Beijing’s increased rhetoric regarding the “reunification” of Taiwan with mainland China. There are similarities between the activities of Flax Typhoon and another cybercriminal group identified as Ethereal Panda.

Microsoft has expressed “serious concern” about the potential impact of these attacks on its customers and has therefore decided to publish this report. Intrusions that rely on legitimate tools rather than overt attacks are difficult to detect and mitigate, and remediation often requires closing or changing the compromised accounts.

Microsoft has advised affected organizations to assess the extent of Flax Typhoon’s activity within their networks, remove malicious tools, and review logs for compromised accounts. Additionally, the company has called on security researchers from Redmond to collaborate in finding effective protections for potential victims.
