It’s apparently all hands on deck and in cyberspace. As the Chinese government continues to flex its military muscles near Taiwan, regularly crossing the median line of the Taiwan Strait that had long functioned as a de facto barrier between China and Taiwan, it is also conducting cyberwarfare against the island.
Microsoft brought the espionage to light in an August 24, 2023 blog post:
Microsoft has identified a nation-state activity group tracked as Flax Typhoon, based in China, that is targeting dozens of organizations in Taiwan with the likely intention of performing espionage. Flax Typhoon gains and maintains long-term access to Taiwanese organizations’ networks with minimal use of malware, relying on tools built into the operating system, along with some normally benign software to quietly remain in these networks. Microsoft has not observed Flax Typhoon using this access to conduct additional actions….
Flax Typhoon has been active since mid-2021 and has targeted government agencies and education, critical manufacturing, and information technology organizations in Taiwan. Some victims have also been observed elsewhere in Southeast Asia, as well as in North America and Africa….
The post provides technical details about how Flax Typhoon gains access to its victims’ Windows systems and how it maintains—or used to maintain—that access. Microsoft says that it has contacted the targeted organizations and helped them to secure their systems.