The group, using the code name “Flax Typhoon,” succeeded in maintaining long-term access inside computer networks in Taiwan with minimal use of malicious software, relying instead on features of the operating systems themselves.
Taiwan’s National Security Bureau, the main intelligence service, has said the Chinese military a decade ago shifted its focus from cyberattacks on government institutions to civilian targets, including think tanks, telecommunications service providers, internet providers and traffic signal control systems.
“Once Flax Typhoon becomes established on the target system, Microsoft observes the actor conducting credential access activities using common tools and techniques,” the report said, noting that the group has not acted on the access to steal information. Flax Typhoon has been active since mid-2021 and has been spotted conducting cyberattacks on government agencies, universities, critical manufacturing and information technology organizations in Taiwan. The specific identities of the compromised networks were not disclosed.