Microsoft’s threat hunters have identified a Chinese government-backed APT actor that hacked into Taiwanese organizations using minimal malware and maintained stealthy persistence by abusing legitimate software tools.
The cyberespionage operation known as Flax Typhoon infiltrates organizations by exploiting well-known flaws in public-facing servers. It then uses legitimate tools included with the Windows operating system to remain undetected in these networks.
Because this activity relies on legitimate accounts and living-off-the-land binaries (LOLBins), it may be difficult to identify and stop. Compromised accounts must be changed or closed.
Compromised systems must be isolated and investigated, Microsoft cautioned in a research note outlining Flax Typhoon’s activities.