Security researchers at Microsoft have spotted a China-based threat actor engaging in espionage operations against organisations in Taiwan.
The group, dubbed Flax Typhoon by Microsoft, has been operating since at least 2021, and has previously been seen to go after critical infrastructure, government agencies, and IT groups in the country.
In its latest campaign, Flax Typhoon has been exploiting known vulnerabilities in public-facing networks and using the China Chopper web shell to gain initial access, then deploying a range of techniques to escalate its privileges in a given environment. To do this, the group uses malware such as BadPotato and Juicy Potato.
Nation-state hacking may be very serious business but we can all have some fun with our naming protocols, right?