Carding
There are signs of penetration, but no subsequent actions. What is behind such a strange tactic?
Microsoft has announced a new spying operation conducted by hackers linked to the Chinese government. The group, which Microsoft has named Flax Typhoon, targets dozens of organizations in Taiwan, and the hackers themselves have been active since mid-2021.
According to Microsoft, the attackers aim to not only spy on targeted Taiwanese organizations, but also "maintain access to organizations in a wide range of industries for as long as possible."
The main targets of hackers are government agencies, as well as organizations in the field of education, production and information technology. However, there are also victims in Southeast Asia, North America and Africa.
According to Microsoft, hackers use the built-in tools of the operating system and some legitimate software to quietly stay in the networks of target organizations. At the same time, the company has not yet observed further actions of hackers after gaining access.
It is possible that the Flax Typhoon hackers act as initial access brokers (IABs), whose task is only to obtain permanent covert access to the target system, after which it is sold to other cybercrime associations.
The malicious operation under review is reportedly just one of several identified after Beijing stepped up its rhetoric about Taiwan's "reunification" with mainland China.
Some evidence suggests that the activities of this group coincide with the activities of another cybercrime association identified by CrowdStrike specialists as Ethereal Panda.
Microsoft said that it decided to publish this latest report because of "serious concerns" about the subsequent impact that such attacks can have on the company's customers, because in the operation under review, there was not even visibility into other aspects of the attacker's activities.
This non-attack penetration tactic makes it extremely difficult to detect and mitigate the consequences, and requires you to close or change the credentials of compromised accounts.
Microsoft urged affected organizations to assess the extent of Flax Typhoon activity on their network, remove malicious tools, and check logs for compromised accounts.
But the Redmond-based company asked other security researchers to review their findings in order to work together to find the best security solution, protecting hundreds of potential victims.