Flax Typhoon is a threat actor attributed to CN, also known as Earth Naga, RedJuliett, ETHEREAL PANDA. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does Flax Typhoon exploit?

Specific CVE exploitation data for Flax Typhoon is being tracked. Check the Strobes VI threat actor profile for updates.

Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives

PoC for every finding

30+ tools orchestrated

Book a Demo Learn More

Setup in 5 minutesSOC 2 & ISO 27001

Flax Typhoon

Also known as: Earth Naga, RedJuliett, ETHEREAL PANDA, Storm-0919, Ethereal Panda

CNInformation theft and espionage

Exploited CVEs

Overview

Earth Naga is an APT group that has persistently targeted high-value organizations, including government agencies, telecommunications, and military-related manufacturers, primarily in Taiwan and the broader APAC region. They have been linked to the use of Draculoader and ShadowPad C&C infrastructure, demonstrating sophisticated TTPs such as establishing SSH connections through compromised mail servers. Earth Naga has collaborated with Earth Estries, sharing access to facilitate continued exploitation, complicating detection and attribution efforts. Their operations reflect a growing interest in global intelligence collection, extending to NATO member countries and Latin America.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database