China-Linked Flax Typhoon Cyber Espionage Targets Taiwan’s Key Sectors

August 25, 2023

A nation-state actor originating from China has been linked to cyber attacks on dozens of organizations in Taiwan as part of a suspected espionage campaign.

The Microsoft Threat Intelligence team is tracking the activity under the name Flax Typhoon, which is also known as Ethereal Panda.

“Flax Typhoon gains and maintains long-term access to Taiwanese organizations’ networks with minimal use of malware, relying on tools built into the operating system, along with some normally benign software, to quietly remain in these networks,” the company said.


It further said it has not observed the group weaponize this access to conduct data collection and exfiltration. The majority of the targets include government agencies, educational institutions, critical manufacturing, and information technology organizations in Taiwan.

A smaller number of victims have also been detected in Southeast Asia, North America, and Africa. The group is suspected to have been active since mid-2021.


“Ethereal Panda operations primarily focus on entities in the academic, technology, and telecommunications sectors in Taiwan,” CrowdStrike notes in its description of the hacker group. “Ethereal Panda relies heavily on SoftEther VPN executables to maintain access to target networks, but has also been observed deploying the GodZilla web shell.”

The primary focus of the actor revolves around persistence, lateral movement, and credential access, with the actor employing living-off-the-land (LotL) techniques and hands-on-keyboard activity to achieve its goals.

The modus operandi is in line with threat actors’ practice of constantly updating their techniques to evade detection, relying on tools already available in the target environment to avoid the unnecessary download or creation of custom components.

Initial access is gained by exploiting known vulnerabilities in public-facing servers and deploying web shells such as China Chopper, followed by establishing persistent access over Remote Desktop Protocol (RDP), deploying a VPN bridge to connect to a remote server, and harvesting credentials using Mimikatz.


A noteworthy aspect of the attacks is the modification of the Sticky Keys behavior to launch Task Manager, enabling Flax Typhoon to conduct post-exploitation on the compromised system.
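Added here as a defender's check, not code from the article or from Microsoft's report: a read-only PowerShell audit of the Image File Execution Options (IFEO) keys for the Windows accessibility binaries. It assumes the Sticky Keys modification takes the well-known form of an IFEO "Debugger" value on sethc.exe (the article does not say how the modification is made), which makes Windows start a different program in place of the Sticky Keys helper; any such value on these binaries warrants investigation.

```powershell
# Audit IFEO "Debugger" values on accessibility binaries reachable from the logon screen.
# Assumption (not stated in the article): the Sticky Keys hijack is implemented as an IFEO
# Debugger entry, e.g. sethc.exe -> taskmgr.exe. Read-only; run from an elevated session.

$ifeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# sethc.exe is the Sticky Keys binary; the others are accessibility helpers with the same exposure.
$accessibilityBinaries = @(
    'sethc.exe', 'utilman.exe', 'osk.exe', 'narrator.exe',
    'magnify.exe', 'displayswitch.exe', 'atbroker.exe'
)

function Get-IfeoDebuggerFindings {
    param(
        [string]$Root = $ifeoRoot,
        [string[]]$Binaries = $accessibilityBinaries
    )
    $findings = @()
    foreach ($bin in $Binaries) {
        $keyPath = Join-Path -Path $Root -ChildPath $bin
        # A per-binary IFEO subkey is itself unusual for these executables on a workstation.
        if (-not (Test-Path -LiteralPath $keyPath)) { continue }
        $props = Get-ItemProperty -LiteralPath $keyPath -ErrorAction SilentlyContinue
        if ($null -ne $props -and ($props.PSObject.Properties.Name -contains 'Debugger')) {
            $findings += [pscustomobject]@{
                Binary   = $bin
                Debugger = $props.Debugger   # program Windows launches instead of the binary
                KeyPath  = $keyPath
            }
        }
    }
    return $findings
}

# Wrap in @() so .Count is reliable whether zero, one or many findings come back.
$results = @(Get-IfeoDebuggerFindings)
if ($results.Count -eq 0) {
    Write-Output 'No IFEO Debugger values found on accessibility binaries.'
} else {
    Write-Warning 'IFEO Debugger entries found on accessibility binaries; investigate before removing:'
    $results | Format-Table -AutoSize
}
```

Pair the registry audit with a check that the on-disk copies of these binaries are the signed Microsoft files, since replacing sethc.exe itself is an alternative way to reach the same outcome.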

“In cases where Flax Typhoon needs to move laterally to access other systems on the compromised network, the actor uses LOLBins, including Windows Remote Management (WinRM) and WMIC,” the Windows maker said.

The development comes three months after Microsoft revealed another China-linked actor named Volt Typhoon (aka Bronze Silhouette or Vanguard Panda), which has been observed relying exclusively on LotL techniques to fly under the radar and exfiltrate data.

While overlap of techniques and infrastructure among threat actors operating out of China isn’t unusual, the findings paint the picture of a constantly evolving threat landscape, with adversaries shifting their tradecraft to become more selective in their follow-on operations.

Some sections of this article are sourced from:
thehackernews.com
