China-Linked Flax Typhoon Cyber Espionage Targets Taiwan's Key Sectors
A nation-state activity group originating from China, known as Flax Typhoon or Ethereal Panda, has been linked to cyber attacks on dozens of organizations in Taiwan as part of a suspected espionage campaign. The Microsoft Threat Intelligence team has been tracking the group's activities, which primarily target government agencies, educational institutions, critical manufacturing, and information technology organizations in Taiwan. The group has been active since mid-2021 and focuses on persistence, lateral movement, and credential access. Initial access is facilitated by exploiting known vulnerabilities in public-facing servers and deploying web shells like China Chopper. The group then establishes persistent access over Remote Desktop Protocol (RDP), deploys a VPN bridge to connect to a remote server, and harvests credentials using Mimikatz.

Malware: FlaxTyphoon

[View Article](https://thehackernews.com/2023/08/china-linked-flax-typhoon-cyber.html)