According to Microsoft, Flax Typhoon has been active since mid-2021, predominantly targeting "government agencies and education, critical manufacturing, and information technology organizations in Taiwan." The group has also been known to attack multiple U.S. and foreign corporations.
Flax Typhoon's TTPs are similar to those of Volt Typhoon, and the group has also been using zero-day exploits and other advanced techniques to evade detection. In September, the U.S. government said it had taken control of another botnet, used by Flax Typhoon, which leveraged a custom variant of the infamous Mirai malware.