Chinese Hackers Use Trusted ArcGIS App For Year-Long Persistence
A report by ReliaQuest reveals that the Flax Typhoon attackers maintained year-long access to an ArcGIS system.
Security teams have been urged to adopt proactive threat hunting after the report revealed how Chinese hackers used novel techniques to turn trusted software components into persistent backdoors.
ReliaQuest attributed the campaign to the “Flax Typhoon” APT group, a likely state-sponsored outfit known for “precise, high impact” attacks, such as those targeting Taiwanese organizations.
The adversaries targeted a legitimate public-facing ArcGIS (geographic information system) application.
- This software allows organizations to manage spatial data for disaster recovery, emergency management and other critical functions.
Author's summary: Chinese hackers used ArcGIS app for persistence.