A Chinese state-sponsored hacking group, Flax Typhoon, compromised an ArcGIS system by turning it into a backdoor for over a year, leveraging legitimate tools for malicious purposes. The attack demonstrates advanced techniques like embedding a web shell, establishing covert VPN channels, and maintaining persistent access, highlighting the evolving threat landscape. #FlaxTyphoon #ArcGISBackdoor
Key points
- Flax Typhoon is a Chinese state-sponsored hacking group linked to Integrity Technology Group.
- The attackers modified a geo-mapping application's Java server extension into a web shell for persistence.
- The attack involved compromising a portal administrator account and deploying a malicious ArcGIS extension.
- The hackers established a covert VPN channel by uploading and executing "bridge.exe" in System32.
- The campaign highlights the abuse of trusted tools and advanced stealth tactics to evade detection and further infiltrate networks.
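The report's only concrete host-level indicator is a new executable, bridge.exe, dropped into System32. One way a defender can catch that class of change is a hash baseline of a trusted system directory, re-checked on a schedule. The script below is an added example written for this summary, not code from the report or from any vendor; it works on a temporary directory with constructed files standing in for System32 (the file names and contents are made up, only "bridge.exe" comes from the report), and it flags both unbaselined executables and baselined ones whose hash has changed.

```python
"""Baseline-drift check for a system directory (added defender-side example).

Constructed sample: a temporary directory standing in for System32, a baseline of
expected executables and their SHA-256 hashes, and one unexpected file named
bridge.exe (the name cited in the report). Nothing here is ArcGIS or Windows API code.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    # Stream the file so large binaries do not have to fit in memory.
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(directory: Path, suffixes=(".exe", ".dll")) -> dict:
    """Record name -> sha256 for every executable in a known-good directory."""
    return {p.name: sha256_of(p) for p in directory.iterdir()
            if p.is_file() and p.suffix.lower() in suffixes}


def find_drift(directory: Path, baseline: dict, suffixes=(".exe", ".dll")) -> dict:
    """Return executables absent from the baseline or whose hash no longer matches."""
    findings = {"unbaselined": [], "modified": []}
    for p in sorted(directory.iterdir()):
        if not p.is_file() or p.suffix.lower() not in suffixes:
            continue
        digest = sha256_of(p)
        if p.name not in baseline:
            findings["unbaselined"].append(p.name)   # new binary, e.g. bridge.exe
        elif baseline[p.name] != digest:
            findings["modified"].append(p.name)      # known name, changed content
    return findings


def demo() -> dict:
    """Constructed scenario: baseline a clean directory, then add bridge.exe and tamper with one DLL."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        # Constructed "clean" state (contents are placeholders, not real binaries).
        (d / "cmd.exe").write_bytes(b"constructed-cmd")
        (d / "ntdll.dll").write_bytes(b"constructed-ntdll")
        (d / "readme.txt").write_bytes(b"not an executable, ignored")
        baseline = build_baseline(d)
        # Constructed post-compromise state: a new executable and a modified DLL.
        (d / "bridge.exe").write_bytes(b"constructed-new-binary")
        (d / "ntdll.dll").write_bytes(b"constructed-ntdll-tampered")
        return find_drift(d, baseline)


if __name__ == "__main__":
    print(demo())
```

In production the baseline would be taken from a known-good image and stored off-host, and a hit on "unbaselined" should be correlated with who wrote the file and when, since a legitimately patched system also produces hash changes.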
Read More: https://thehackernews.com/2025/10/chinese-hackers-exploit-arcgis-server.html