The China-based APT group Flax Typhoon used a function within ArcGIS' legitimate geo-mapping software to create a webshell. The webshell gave the group persistence for more than a year, which it used to execute malicious commands and steal credentials.
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2025/10/chinas-flax-typhoon-exploits-arcgis-app-for-year-long-persistence/

