Share this article
Latest news
With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low
Copilot in Outlook will generate personalized themes for you to customize the app
Microsoft will raise the price of its 365 Suite to include AI capabilities
Death Stranding Director’s Cut is now Xbox X|S at a huge discount
Outlook will let users create custom account icons so they can tell their accounts apart easier
Is Microsoft the right party to talk about the Flax Typhoon?
Microsoft has a long way to go when it comes to security,
3 min. read
Published onAugust 25, 2023
published onAugust 25, 2023
Share this article
Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more
Key notes
Flax Typhoon, a Chinese threat actor group, was reportedly identified by Microsoft as targeting dozens of organizations in Taiwan with the likely intention of performing espionage, per Microsoft’s claims.
Flax Typhoon gains and maintains long-term access to Taiwanese organizations’ networks with minimal use of malware, relying on tools built into the operating system, along with some normally benign software to quietly remain in these networks. Microsoft has not observed Flax Typhoon using this access to conduct additional actions.
However, many of the espionage techniques performed by Flax Typhoon include access or usage of Microsoft’s software, includingWindows Management Instrumentationcommand-line (WMIC),PowerShell, or theWindows Terminalapplication.
Microsoft claims that its blog post is about informing people about this threat actor and raising awareness about it, which is the right thing to do, yes. But is Microsoft really the best party to inform people about this?
Especially when not so long ago, the Redmond-based tech giantwas harshly criticized by Tenable, a cybersecurity company, for not even addressing important vulnerabilities at the right time.
Microsoft is right to raise awareness about Flax Typhoon, but it should do better
There are countless examples where Microsoft products and their users were the victims of phishing attacks, malware, security breaches, and so on. As we extensively covered these examples, we found out that Microsoft Teams is by far one of the most targeted products.
In 2022, alone, 80% of the Microsoft 365 accounts, including Microsoft Teams, were hacked, and anastonishing 60% were successfully hacked.A later reportfound out that Microsoft Teams is prone to modern phishing attacks more than any other app.
However, these phishing attacks were all caused by not addressing certain vulnerabilities by Microsoft. The Redmond-based tech giant either addressed them too late, or never bothered with trying to fix them, as they were not considered dangerous.
Earlier this summer, Tenable’s CEO harshly criticized Microsoft for failing to address a vulnerability that could have ended up revealing a lot of customers’ banking information. Only after Tenable went public, did Microsoft react, but it was almost 5 months later.
So, while Microsoft has all the rights to raise awareness about a dangerous Flax Typhoon, the Redmond-based tech giant should really take a step back and do its best to address all the security vulnerabilities that its products have or might have.
The company should employ the best in the field to make sure its products are safe, secure, and most importantly, reliable to use. And then, yes, it can talk and raise awareness about threat actors.
Otherwise, if you don’t follow your own advice, then what’s the point? But what do you think?
More about the topics:Cybersecurity,microsoft
Flavius Floare
Tech Journalist
Flavius is a writer and a media content producer with a particular interest in technology, gaming, media, film and storytelling.
He’s always curious and ready to take on everything new in the tech world, covering Microsoft’s products on a daily basis. The passion for gaming and hardware feeds his journalistic approach, making him a great researcher and news writer that’s always ready to bring you the bleeding edge!
User forum
0 messages
Sort by:LatestOldestMost Votes
Comment*
Name*
Email*
Commenting as.Not you?
Save information for future comments
Comment
Δ
Flavius Floare
Tech Journalist
Flavius is a writer and a media content producer with a particular interest in technology, gaming, media, film and storytelling.
