From bd7252ccef5637cbd1fadf0d7964aa5b011a9ee4 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Mon, 22 Jan 2024 10:01:13 -0800
Subject: [PATCH] [threat-actors] Add Flax Typhoon

---
 clusters/threat-actor.json | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 3bb828b..de524a3 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -14047,6 +14047,21 @@
       },
       "uuid": "6c706d8b-95a4-428d-9de5-b68b29b1893c",
       "value": "TAG-28"
+    },
+    {
+      "description": "Flax Typhoon is a Chinese state-sponsored threat actor that primarily targets organizations in Taiwan. They conduct espionage campaigns and focus on gaining and maintaining long-term access to networks using minimal malware. Flax Typhoon relies on tools built into the operating system and legitimate software to remain undetected. They exploit vulnerabilities in public-facing servers, use living-off-the-land techniques, and deploy a VPN connection to maintain persistence and move laterally within compromised networks.",
+      "meta": {
+        "country": "CN",
+        "refs": [
+          "https://www.microsoft.com/en-us/security/blog/2023/08/24/flax-typhoon-using-legitimate-software-to-quietly-access-taiwanese-organizations/",
+          "https://www.crowdstrike.com/global-threat-report/"
+        ],
+        "synonyms": [
+          "Ethereal Panda"
+        ]
+      },
+      "uuid": "50ee2b1b-979e-4507-8747-8597a95938f6",
+      "value": "Flax Typhoon"
     }
   ],
   "version": 297