Although Microsoft is in the news in most cases because of its operating system, Windows, or its gaming division, Xbox, the tech world now writes about it exceptionally well in regards to the cybersecurity sector, because they’ve managed to pin down a fairly large group. . A hacker group called Flax Typhoon.
Interestingly, the team did not rely heavily on malware to access and maintain the victim’s network, but rather used components already present in the operating system, in this case Windows, the so-called extraterrestrial binaries or LOLBins, as well as legal software – writes A. dormant computers.
Flax Typhoon, which has been active since at least mid-2021, has primarily targeted organizations in Taiwan, though Microsoft has also found some victims in Southeast Asia, North America, and Africa.
In the campaign, spotted by Microsoft, Flax Typhoon gained access to computers by exploiting known vulnerabilities in public servers, including VPN, web, Java and SQL applications. The group then established a Remote Desktop Protocol (RDP) connection by turning off Network Level Authentication (NLA), modifying the registry, and exploiting the Windows Sticky Keys accessibility feature.
Through this, the group has already gained access to the attacked computer, which, according to Microsoft, they can perform almost any operation on.
You don’t necessarily need to worry
And while we shouldn’t take Flax Typhoon attacks lightly, they aren’t affecting ordinary people right now — and in fact, as we wrote, Microsoft has never seen any settlement in Europe. The company advises other companies to ensure that they apply the latest security updates and enable multi-factor authentication on all accounts.
