Flax Typhoon
Country: People's Republic of China
Organization: Integrity Technology Group
Objective: Espionage, information theft
Page last updated: September 23, 2024
Aliases (sorted alphabetically):
- Ethereal Panda (CrowdStrike)
- Flax Typhoon (CFR, ETDA, FBI, Microsoft, Malpedia, NSA, NCSC-UK)
- RedJuliett (Recorded Future)
- Storm-0919 (previously used by Microsoft)
Associated Company
Integrity Technology Group (Integrity Tech), also known as Yongxin Zhicheng (永信至诚) (Source: FBI (PDF))
Vulnerabilities Exploited
Source: FBI
- CVE-2024-5217 (KEV)
- CVE-2024-4577 (KEV)
- CVE-2024-29973
- CVE-2024-29269
- CVE-2024-21762 (KEV)
- CVE-2023-50386
- CVE-2023-47218
- CVE-2023-46747 (KEV)
- CVE-2023-46604 (KEV)
- CVE-2023-43478
- CVE-2023-4166
- CVE-2023-38646
- CVE-2023-3852
- CVE-2023-38035 (KEV)
- CVE-2023-37582
- CVE-2023-36844 (KEV)
- CVE-2023-36542
- CVE-2023-35885
- CVE-2023-35843
- CVE-2023-3519 (KEV)
- CVE-2023-35081 (KEV)
- CVE-2023-34960
- CVE-2023-34598
- CVE-2023-3368
- CVE-2023-33510
- CVE-2023-30799
- CVE-2023-28771 (KEV)
- CVE-2023-28365
- CVE-2023-27997 (KEV)
- CVE-2023-27524 (KEV)
- CVE-2023-26469
- CVE-2023-25690
- CVE-2023-24229
- CVE-2023-23333
- CVE-2023-22527 (KEV)
- CVE-2023-22515 (KEV)
- CVE-2023-42475 (KEV)
- CVE-2022-40881
- CVE-2022-3590
- CVE-2022-31814
- CVE-2022-30525 (KEV)
- CVE-2022-26134 (KEV)
- CVE-2022-20707
- CVE-2022-1388 (KEV)
- CVE-2021-46422
- CVE-2021-45511
- CVE-2021-44228 (KEV)
- CVE-2021-36260 (KEV)
- CVE-2021-28799 (KEV)
- CVE-2021-20090 (KEV)
- CVE-2021-1473
- CVE-2021-1472
- CVE-2020-8515 (KEV)
- CVE-2020-4450
- CVE-2020-35391
- CVE-2020-3452 (KEV)
- CVE-2020-3451
- CVE-2020-15415
- CVE-2019-7256 (KEV)
- CVE-2019-19824
- CVE-2019-17621 (KEV)
- CVE-2019-12168
- CVE-2019-11829
- CVE-2018-18852
- CVE-2017-7876
- CVE-2015-7450 (KEV)
References
Disclaimer: Not an exhaustive list of resources. Most contain actionable intelligence, not just news reporting.
Links (Sorted in Chronological Order)
2024
- September 18, 2024 (ATTRIBUTION):
  - FBI: People’s Republic of China-Linked Actors Compromise Routers and IoT Devices for Botnet Operations (PDF)
  - NSA: NSA and Allies Issue Advisory about PRC-Linked Actors and Botnet Operations
  - U.S. Department of Justice: Court-Authorized Operation Disrupts Worldwide Botnet Used by People’s Republic of China State-Sponsored Hackers
  - ASD ACSC: People’s Republic of China-Linked Actors Compromise Routers and IoT Devices for Botnet Operations (available as PDF)
  - NCSC-UK: NCSC and partners issue advice to counter China-linked campaign targeting thousands of devices
  - The Record: Company listed on Shanghai stock exchange accused of aiding Chinese cyberattacks (background information on Integrity Technology Group)
- June 24, 2024 – Recorded Future: Chinese State-Sponsored RedJuliett Intensifies Taiwanese Cyber Espionage via Network Perimeter Exploitation (available as PDF)
- April 04, 2024 – Microsoft: Same targets, new playbooks: East Asia threat actors employ unique methods (brief mention, no IOC)
2023
- September 23, 2023??? – SecurityScorecard: SecurityScorecard Identifies Possible Flax Typhoon Infrastructure
- August 24, 2023 – Microsoft: Flax Typhoon using legitimate software to quietly access Taiwanese organizations
- March 03, 2023 – CrowdStrike: 2023 Global Threat Report (PDF, page 29)
2022
- September 26, 2022 – Center for Security and Emerging Technology: Downrange: A Survey of China’s Cyber Ranges (PDF, page 8)
2020
- May 20, 2020?? – PRC Ministry of State Security: 前沿 | 网络靶场,未来安全的基础设施 (web archive of a MSS-run periodical reprinted on IntegrityTech's website, English translation: “Frontier | Cyber Range, the secure infrastructure of the future”)
Feedback: Please direct message any comments, concerns, corrections or questions to https://infosec.exchange/@screaminggoat