{"id":1603,"date":"2023-08-24T21:34:01","date_gmt":"2023-08-24T21:34:01","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=76622"},"modified":"2023-08-24T21:34:01","modified_gmt":"2023-08-24T21:34:01","slug":"microsoft-says-chinese-hacking-crew-is-targeting-taiwan","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2023\/08\/24\/microsoft-says-chinese-hacking-crew-is-targeting-taiwan\/","title":{"rendered":"Microsoft says Chinese hacking crew is targeting Taiwan"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v20.5 (Yoast SEO v20.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>Microsoft says Chinese hacking crew is targeting Taiwan | CyberScoop<\/title> <meta name=\"description\" content=\"A group dubbed Flax Typhoon has targeted &quot;dozens&quot; of Taiwanese organizations, according to new research from Microsoft.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/microsoft-china-taiwan-flax-typhoon\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Microsoft says Chinese hacking crew is targeting Taiwan\"> <meta property=\"og:description\" content=\"A group dubbed Flax Typhoon has targeted &quot;dozens&quot; of Taiwanese organizations, according to new research from Microsoft.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/microsoft-china-taiwan-flax-typhoon\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2023-08-24T21:34:01+00:00\"> <meta property=\"article:modified_time\" content=\"2023-08-24T21:34:02+00:00\"> <meta property=\"og:image\" 
content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/microsoft-says-chinese-hacking-crew-is-targeting-taiwan-1.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1278\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"AJ Vicens\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@AJVicens\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/cdn.parsely.com\">\n<link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-0\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1691523982g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-4\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css?m=1692696474g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1692820872g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=008d053dcbaaeb47b822\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/76622\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" 
href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=76622\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fmicrosoft-china-taiwan-flax-typhoon%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fmicrosoft-china-taiwan-flax-typhoon%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-76622 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/microsoft-china-taiwan-flax-typhoon\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close 
js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"24.822580645161\">\n<div class=\"single-article__header-content\" readability=\"30.851851851852\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/geopolitics\/\"> <span>Geopolitics<\/span> <\/a> <\/li>\n<\/ul>\n<p> A group dubbed Flax Typhoon has targeted &#8220;dozens&#8221; of Taiwanese organizations, according to new research from Microsoft. 
<\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/microsoft-says-chinese-hacking-crew-is-targeting-taiwan.jpg?resize=640%2C426&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/microsoft-says-chinese-hacking-crew-is-targeting-taiwan-1.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/microsoft-says-chinese-hacking-crew-is-targeting-taiwan-1.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/microsoft-says-chinese-hacking-crew-is-targeting-taiwan-1.jpg?resize=768,511 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/microsoft-says-chinese-hacking-crew-is-targeting-taiwan-1.jpg?resize=1024,682 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/microsoft-says-chinese-hacking-crew-is-targeting-taiwan-1.jpg?resize=1536,1022 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/microsoft-says-chinese-hacking-crew-is-targeting-taiwan-1.jpg?resize=600,399 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/microsoft-says-chinese-hacking-crew-is-targeting-taiwan-1.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/microsoft-says-chinese-hacking-crew-is-targeting-taiwan-1.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/microsoft-says-chinese-hacking-crew-is-targeting-taiwan-1.jpg?resize=1014,675 1014w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/08\/microsoft-says-chinese-hacking-crew-is-targeting-taiwan-1.jpg?resize=1266,843 1266w\" sizes=\"(max-width: 1014px) 100vw, 1014px\"><figcaption> (Jeffrey Coolidge\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div 
class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"23.436383130808\"><body readability=\"47.196442382057\"><\/p>\n<p>Researchers at Microsoft said on Thursday that a hacking group with suspected links to the Chinese government is actively targeting dozens of organizations in Taiwan as part of a cyber espionage campaign. <\/p>\n<p>Flax Typhoon, the name Microsoft uses to describe the group based in China, is working to gain and maintain long-term access to primarily Taiwanese organizations, although some victims have been observed in Southeast Asia, North America and Africa, the <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/08\/24\/flax-typhoon-using-legitimate-software-to-quietly-access-taiwanese-organizations\/\">company said in a blog post Thursday<\/a>. The group\u2019s targets include government entities, manufacturing firms and tech companies. <\/p>\n<p>The news comes on the heels of the Biden administration\u2019s approval of a <a href=\"https:\/\/www.koreatimes.co.kr\/www\/world\/2023\/08\/501_357709.html\">$500 million arms package to Taiwan<\/a> and a new round of <a href=\"https:\/\/www.theglobeandmail.com\/world\/article-china-launches-drills-around-taiwan-in-angry-response-to-vps-us-trip-2\/\">Chinese military drills<\/a> near the island. Three months ago, Microsoft and a coalition of intelligence agencies <a href=\"https:\/\/cyberscoop.com\/china-critical-infrastructure-volt-typhoon\/\">revealed<\/a> that Chinese-linked hackers targeted telecommunications systems in Guam as part of an operation that may have laid the groundwork for severing communications between the United States and its military assets in East Asia. 
<\/p>\n<p>Thursday\u2019s report from Microsoft describes a fairly stealthy actor that uses minimal amounts of malware in its operations and instead relies on tools already within victim systems, \u201calong with some normally benign software.\u201d Microsoft researchers have not observed the group using its access to Taiwanese systems to conduct additional operations but noted that the group is using \u201ctechniques that could be easily reused in other operations outside the region and would benefit from broader industry visibility.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cAlthough our visibility into these threats has given us the ability to deploy detections to our customers, the lack of visibility into other parts of the actor\u2019s activity compelled us to drive broader community awareness to further investigations and protections across the security ecosystem,\u201d the company said in its blog.<\/p>\n<p>Flax Typhoon has been active since mid-2021 and is known to use the China Chopper web shell, the researchers noted, which has also been used by Hafnium, a state-backed Chinese hacking group that successfully used multiple zero-day bugs in Microsoft Exchange Server software as part of an espionage campaign <a href=\"https:\/\/cyberscoop.com\/microsoft-china-exchange-zero-days-hafnium\/\">revealed in March 2021<\/a>. Later that year, the FBI <a href=\"https:\/\/www.theguardian.com\/technology\/2021\/apr\/14\/fbi-hacks-vulnerable-united-states-computers-to-fix-hack-malicious-malware-microsoft-exchange-software\">hacked victim servers<\/a> to remove Hafnium malware.<\/p>\n<p>Flax Typhoon has also been observed using Metasploit, a popular penetration testing framework; the Juicy Potato privilege escalation tool; Mimikatz, the credential-dumping tool; and the SoftEther virtual private network (VPN) client, according to Microsoft. 
<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"1.2867298578199\">\n<div class=\"author-card\" readability=\"8\">\n<p><h4 class=\"author-card__name\">Written by AJ Vicens<\/h4>\n<p> AJ covers nation-state threats and cybercrime. He was previously a reporter at Mother Jones. Get in touch via Signal\/WhatsApp: (810-206-9411). <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span 
class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/microsoft-china-taiwan-flax-typhoon\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft says Chinese hacking crew is targeting Taiwan | CyberScoop<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[271,834,302,835,836],"tags":[277,837,306,838,839],"class_list":["post-1603","post","type-post","status-publish","format-standard","hentry","category-china","category-flex-typhoon","category-geopolitics","category-hafnium","category-taiwan","tag-china","tag-flex-typhoon","tag-geopolitics","tag-hafnium","tag-taiwan"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/china\/\" rel=\"category tag\">China<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/flex-typhoon\/\" rel=\"category tag\">Flex Typhoon<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/geopolitics\/\" rel=\"category tag\">Geopolitics<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/hafnium\/\" rel=\"category tag\">Hafnium<\/a> <a 
href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/taiwan\/\" rel=\"category tag\">taiwan<\/a>","tag_info":"taiwan","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1603","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=1603"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1603\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=1603"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=1603"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=1603"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}