#flaxtyphoon — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #flaxtyphoon, aggregated by home.social.
-
Chinese Gang Used ArcGIS As A Backdoor For A Year – And No One Noticed
[State sponsored] Crims turned trusted [#ESRI] mapping software into a hideout - no traditional malware required
--
https://www.theregister.com/2025/10/14/chinese_hackers_arcgis_backdoor/ <-- shared media article
--
https://www.scworld.com/brief/novel-flax-typhoon-campaign-exploited-arcgis-for-extended-persistence <-- shared technical media article
--
https://reliaquest.com/blog/threat-spotlight-inside-flax-typhoons-arcgis-compromise <-- shared security technical article
--
https://securityaffairs.com/183398/apt/flax-typhoon-apt-exploited-arcgis-server-for-over-a-year-as-a-backdoor.html <-- shared security technical article
--
“A Chinese state-backed cybergang known as Flax Typhoon spent more than a year burrowing inside an ArcGIS server, quietly turning the trusted mapping software into a covert backdoor..."
#GIS #spatial #mapping #security #malware #exploit #ArcGIS #server #China #statesponsored #FlaxTyphoon #espionage #SOE #objectextension #hidden #payload #backups #risk #hazard #restapi #credentials #flaw #malicious #persistence -
SOE-phisticated Persistence: Inside Flax Typhoon's ArcGIS Compromise
#FlaxTyphoon
https://reliaquest.com/blog/threat-spotlight-inside-flax-typhoons-arcgis-compromise -
"Threat actors with ties to China have been attributed to a novel campaign that compromised an ArcGIS system and turned it into a backdoor for more than a year.
The activity, per ReliaQuest, is the handiwork of a Chinese state-sponsored hacking group called Flax Typhoon, which is also tracked as Ethereal Panda and RedJuliett. According to the U.S. government, it's assessed to be a publicly-traded, Beijing-based company known as Integrity Technology Group.
"The group cleverly modified a geo-mapping application's Java server object extension (SOE) into a functioning web shell," the cybersecurity company said in a report shared with The Hacker News. "By gating access with a hardcoded key for exclusive control and embedding it in system backups, they achieved deep, long-term persistence that could survive a full system recovery.""
https://thehackernews.com/2025/10/chinese-hackers-exploit-arcgis-server.html
#China #CyberSecurity #Hacking #FlaxTyphoon #Backdoors #ArcGIS #Java
-
Paraguay Suffered Data Breach: 7.4 Million Citizen Records Leaked on Dark Web – Source: securityaffairs.com https://ciso2ciso.com/paraguay-suffered-data-breach-7-4-million-citizen-records-leaked-on-dark-web-source-securityaffairs-com/ #rssfeedpostgeneratorecho #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #BreakingNews #SecurityNews #FlaxTyphoon #hackingnews #DataBreach #Paraguay #Security #DarkWeb #hacking #APT
-
U.S. Sanctions Chinese Cybersecurity Firm Over Cyberattacks – Source:hackread.com https://ciso2ciso.com/u-s-sanctions-chinese-cybersecurity-firm-over-cyberattacks-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #CyberAttack #FlaxTyphoon #CyberCrime #Technology #Hackread #security #China
-
U.S. Sanctions Chinese Cybersecurity Firm Over Cyberattacks https://hackread.com/us-sanctions-chinese-cybersecurity-firm-cyberattacks/ #Cybersecurity #CyberAttack #FlaxTyphoon #CyberCrime #Technology #Security #China
-
US Sanctions Chinese Firm Linked to Flax Typhoon Attacks on Critical Infrastructure – Source: www.securityweek.com https://ciso2ciso.com/us-sanctions-chinese-firm-linked-to-flax-typhoon-attacks-on-critical-infrastructure-source-www-securityweek-com/ #rssfeedpostgeneratorecho #criticalinfrastructure #CyberSecurityNews #securityweekcom #IntegrityTech #securityweek #FlaxTyphoon #NationState #Sanctions #FEATURED #China
-
US Sanctions Chinese Firm Linked to Flax Typhoon Attacks on Critical Infrastructure https://www.securityweek.com/us-sanctions-chinese-firm-linked-to-flax-typhoon-attacks-on-critical-infrastructure/ #criticalinfrastructure #IntegrityTech #Nation-State #FlaxTyphoon #sanctions #Featured #China
-
US Sanctions Chinese Firm Linked to Flax Typhoon Attacks on Critical Infrastructure https://www.securityweek.com/us-sanctions-chinese-firm-linked-to-flax-typhoon-attacks-on-critical-infrastructure/ #criticalinfrastructure #IntegrityTech #Nation-State #FlaxTyphoon #sanctions #Featured #China
-
US Sanctions Chinese Firm Linked to Seized #Botnet - Slashdot
#flaxtyphoon #privacy #China -
US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT – Source: securityaffairs.com https://ciso2ciso.com/us-treasury-department-sanctioned-chinese-cybersecurity-firm-linked-to-flax-typhoon-apt-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #BreakingNews #Cyberwarfare #Intelligence #SecurityNews #FlaxTyphoon #hacking
-
#Treasury Dept. Hits Chinese Tech Company With Sanctions After #Breach
In September, the F.B.I. said it had taken down a network of 200,000 consumer devices in the U.S. and abroad that had been compromised with #malware and weaponized by #FlaxTyphoon , a Chinese #hacking group.
#China #fbihttps://www.nytimes.com/2025/01/03/us/politics/treasury-chinese-sanctions.html
-
China’s Salt Typhoon Hacks AT&T and Verizon, Accessing Wiretap Data: Report https://hackread.com/china-salt-typhoon-hacks-att-verizon-wiretap-data/ #Cybersecurity #CyberAttacks #HackingNews #CyberAttack #FlaxTyphoon #SaltTyphoon #VoltTyphoon #Security #Verizon #China #ATT
-
US government 'took control' of a botnet run by Chinese government hackers, says FBI director | TechCrunch
https://techcrunch.com/2024/09/18/u-s-government-took-control-of-a-botnet-run-by-chinese-government-hackers-says-fbi-director/(And BTW the Microsoft Digital Crimes Unit initially uncovered Flax Typhoon & coordinated with the FBI.
https://www.microsoft.com/en-us/security/blog/2023/08/24/flax-typhoon-using-legitimate-software-to-quietly-access-taiwanese-organizations/ )#cybersecurity #Microsoft #flaxtyphoon #msftadvocate #botnet
-
US Disrupts ‘Raptor Train’ Botnet of Chinese APT Flax Typhoon https://www.securityweek.com/us-disrupts-raptor-train-botnet-of-chinese-apt-flax-typhoon/ #Tracking&LawEnforcement #Nation-State #FlaxTyphoon #RaptorTrain #Featured #takedown #botnet #China
-
US Disrupts ‘Raptor Train’ Botnet of Chinese APT Flax Typhoon https://www.securityweek.com/us-disrupts-raptor-train-botnet-of-chinese-apt-flax-typhoon/ #Tracking&LawEnforcement #Nation-State #FlaxTyphoon #RaptorTrain #Featured #takedown #botnet #China
-
FBI Dismantles Chinese-Linked Botnet of 260,000 IoT Devices https://hackread.com/fbi-dismantles-chinese-botnet-of-iot-devices/ #Cybersecurity #CyberAttack #FlaxTyphoon #Security #Malware #Botnet #China #FBI #IoT #USA
-
Chinese Spies Built Massive Botnet of IoT Devices to Target US, Taiwan Military https://www.securityweek.com/chinese-spies-built-massive-botnet-of-iot-devices-to-target-us-taiwan-military/ #Malware&Threats #BlackLotusLabs #NationState #FlaxTyphoon #RaptorTrain #Nosedive #Sparrow #botnet
-
Chinese Spies Built Massive Botnet of IoT Devices to Target US, Taiwan Military https://www.securityweek.com/chinese-spies-built-massive-botnet-of-iot-devices-to-target-us-taiwan-military/ #Malware&Threats #BlackLotusLabs #NationState #FlaxTyphoon #RaptorTrain #Nosedive #Sparrow #botnet
-
*So, "Integrity Technology Group," nice choice of name there.
#FlaxTyphoon #RedJuliett, #EtherealPanda #cyberwar #InternetofThings #botnet
https://media.defense.gov/2024/Sep/18/2003547016/-1/-1/0/CSA-PRC-LINKED-ACTORS-BOTNET.PDF
-
Good day everyone! The Microsoft Threat Intelligence team has discovered activity from a group known as #FlaxTyphoon. They are a nation-state group from China that targeted organizations in Taiwan. While the group leverages tools that are commonly used, like #ChinaChopper, #MetaSploit, and #Mimikatz, they also rely on abusing #LOLBINS, or Living-off-the-land binaries and scripts (tools that exist and come with the native operating system). Some of their TTPs include using registry key modification for persistence, using #powershell, #certutil, or #bitsadmin to download tools, and accessing #LSASS process memory and Security Account Manager registry hive for credential access. This is a great article that not only provides high-level details but it provides a starting point for any organization to start threat hunting by using the technical details provided! Enjoy your weekend and #HappyHunting!
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #readoftheday
-
Good day everyone! The Microsoft Threat Intelligence team has discovered activity from a group known as #FlaxTyphoon. They are a nation-state group from China that targeted organizations in Taiwan. While the group leverages tools that are commonly used, like #ChinaChopper, #MetaSploit, and #Mimikatz, they also rely on abusing #LOLBINS, or Living-off-the-land binaries and scripts (tools that exist and come with the native operating system). Some of their TTPs include using registry key modification for persistence, using #powershell, #certutil, or #bitsadmin to download tools, and accessing #LSASS process memory and Security Account Manager registry hive for credential access. This is a great article that not only provides high-level details but it provides a starting point for any organization to start threat hunting by using the technical details provided! Enjoy your weekend and #HappyHunting!
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #readoftheday
-
Good day everyone! The Microsoft Threat Intelligence team has discovered activity from a group known as #FlaxTyphoon. They are a nation-state group from China that targeted organizations in Taiwan. While the group leverages tools that are commonly used, like #ChinaChopper, #MetaSploit, and #Mimikatz, they also rely on abusing #LOLBINS, or Living-off-the-land binaries and scripts (tools that exist and come with the native operating system). Some of their TTPs include using registry key modification for persistence, using #powershell, #certutil, or #bitsadmin to download tools, and accessing #LSASS process memory and Security Account Manager registry hive for credential access. This is a great article that not only provides high-level details but it provides a starting point for any organization to start threat hunting by using the technical details provided! Enjoy your weekend and #HappyHunting!
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #readoftheday
-
Good day everyone! The Microsoft Threat Intelligence team has discovered activity from a group known as #FlaxTyphoon. They are a nation-state group from China that targeted organizations in Taiwan. While the group leverages tools that are commonly used, like #ChinaChopper, #MetaSploit, and #Mimikatz, they also rely on abusing #LOLBINS, or Living-off-the-land binaries and scripts (tools that exist and come with the native operating system). Some of their TTPs include using registry key modification for persistence, using #powershell, #certutil, or #bitsadmin to download tools, and accessing #LSASS process memory and Security Account Manager registry hive for credential access. This is a great article that not only provides high-level details but it provides a starting point for any organization to start threat hunting by using the technical details provided! Enjoy your weekend and #HappyHunting!
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #readoftheday
-
Good day everyone! The Microsoft Threat Intelligence team has discovered activity from a group known as #FlaxTyphoon. They are a nation-state group from China that targeted organizations in Taiwan. While the group leverages tools that are commonly used, like #ChinaChopper, #MetaSploit, and #Mimikatz, they also rely on abusing #LOLBINS, or Living-off-the-land binaries and scripts (tools that exist and come with the native operating system). Some of their TTPs include using registry key modification for persistence, using #powershell, #certutil, or #bitsadmin to download tools, and accessing #LSASS process memory and Security Account Manager registry hive for credential access. This is a great article that not only provides high-level details but it provides a starting point for any organization to start threat hunting by using the technical details provided! Enjoy your weekend and #HappyHunting!
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #readoftheday