A report by ReliaQuest reveals that the Flax Typhoon attackers maintained year-long access to an ArcGIS system.
Security teams have been urged to adopt proactive threat hunting after a new report revealed how Chinese hackers used novel techniques to turn trusted software components into persistent backdoors.
ReliaQuest attributed the campaign to the “Flax Typhoon” APT group, a likely state-sponsored outfit known for “precise, high impact” attacks, such as those targeting Taiwanese organizations.
The adversaries targeted a legitimate public-facing ArcGIS (geographic information system) application.
This software allows organizations to manage spatial data for disaster recovery, emergency management and other critical functions.
Author's summary: Chinese hackers used an ArcGIS app for year-long persistence.