The China-based APT group Flax Typhoon used a function within ArcGIS' legitimate geo-mapping software to create a webshell through which it established persistence for more than a year to execute malicious commands and steal credentials.

The post China’s Flax Typhoon Exploits ArcGIS App for Year-Long Persistence appeared first on Security Boulevard.

Jeffrey Burt

Source: Security Boulevard
Source Link: https://securityboulevard.com/2025/10/chinas-flax-typhoon-exploits-arcgis-app-for-year-long-persistence/