APT Profile – Volt Typhoon vs. Flax Typhoon
In the eye of the Chinese typhoons
- 20 August 2024
- Zettl-Schabath, Kerstin; Hemmelskamp, Jonas
- EN
About Volt Typhoon and Flax Typhoon
Volt Typhoon is a new but impactful APT (Advanced Persistent Threat). As such, there is currently a lack of extensive consolidated academic, industry-related, or official research on the group. On the industry side, substantial primary reports on the group and its activities have been published by Microsoft’s threat intelligence team, while the United States National Security Agency (NSA), the US Cybersecurity and Infrastructure Security Agency (CISA), the US Federal Bureau of Investigation (FBI), the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), the Communications Security Establishment’s Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NCSC-NZ), and the United Kingdom National Cyber Security Centre (NCSC-UK) also issued a joint advisory on 24 May 2023. On 7 February 2024, US, Australian, British, and Canadian agencies followed up with another joint advisory. Microsoft’s private reporting and the joint advisory from 2023 appear to have been a coordinated effort, describing Volt Typhoon as a state-sponsored group linked to China. The same attribution to China has been stated for Flax Typhoon; for Flax Typhoon, Microsoft released the most comprehensive threat intelligence report to date on 24 August 2023.
Volt Typhoon APT designations
- Volt Typhoon (Microsoft)
- DEV-0391 (Previous Microsoft designation)
- Bronze Silhouette (Secureworks)
- Vanguard Panda (CrowdStrike)
- UNC3263 (Mandiant)
- VoltZite (Dragos)
Flax Typhoon APT designations
- Flax Typhoon (Microsoft)
- Storm-0919 (Previous Microsoft designation)
- Ethereal Panda (CrowdStrike)
- Red Juliett (RecordedFuture)
Period of activity
2021* – today
*While Volt Typhoon’s operations began in 2021, we also acknowledge 2021 as the beginning of the operational period for Flax Typhoon, as it is the indicated start of operations by Ethereal Panda, according to CrowdStrike.
Country of origin
More APT profiles
- Research and Analysis