Commentary
A state-sponsored hacker group from China was recently discovered to have compromised the most widely used mapping software deployed by governments and corporations around the world. The hackers turned a victim's installation of the ESRI software, called ArcGIS, into a backdoor for the regime in Beijing.
“ArcGIS is used by 70% of the largest global companies, 95% of the largest national governments, and 80% of the largest cities,” according to the ESRI website. The software can be used for energy and water infrastructure, military purposes, market analysis, asset allocation, and many other functions that require geospatial visualization or statistical analysis. Its public safety and security functions include enhanced “situational awareness with precise real-time location data,” according to ESRI.
The hacker group, called Flax Typhoon, planted its backdoor inside a legitimate-looking extension of the ArcGIS server so that it survived cleanup: the malicious component was carried along in the server's backups, so restoring or reinstalling ArcGIS brought the infection back. The security firm ReliaQuest discovered the intrusion. Flax Typhoon is one of China's top-four advanced persistent threat (APT) cyber groups, all of which are aligned with the goals of the Chinese Communist Party (CCP), including cyberespionage and attacks on U.S. critical infrastructure.
The scale of the damage Flax Typhoon has caused over the years is substantial but difficult to calculate. It overlaps with up to $600 billion in intellectual property theft sustained annually by the United States due to the CCP's flouting of international norms and property law.
Rather than dropping custom malware files as most intrusion groups do, Flax Typhoon relies on what is already present on the victim's network. It often gains initial entry through exposed internet-facing and Internet of Things (IoT) devices, then lives off the land, operating through legitimate remote-access software and built-in system tools so that little of its activity looks like malware at all. Such intrusions can generally only be detected by spotting abnormal behavior from otherwise legitimate software, which may not occur for years if the hackers are lying in wait for a major event, for example, to damage the U.S. economy and critical infrastructure during wartime.
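The detection principle described above, abnormal behavior from software that is itself trusted, as an added example written for this page rather than code from the article or from ReliaQuest: a small Python check over constructed process-creation records that flags a server process spawning a command interpreter. The host name, the log lines, and the choice of ArcSOC.exe (ArcGIS server object container) and w3wp.exe (IIS worker) as the trusted parents are assumptions for illustration; in a real deployment the expected-children baseline would come from weeks of clean telemetry.

```python
"""Flag a trusted server process that spawns a command interpreter.

Added example, not code from the article or from ReliaQuest. The log lines,
host name and process names below are constructed for illustration.
"""
import re
from dataclasses import dataclass

# Constructed process-creation records in a Sysmon-like key=value shape.
# gis01 is an assumed ArcGIS Server host; ArcSOC.exe and w3wp.exe are the
# assumed trusted server processes.
SAMPLE_LOG = """\
ts=2025-10-01T02:11:05Z host=gis01 parent=ArcSOC.exe child=ArcSOC.exe cmd="ArcSOC.exe -service"
ts=2025-10-01T02:11:09Z host=gis01 parent=w3wp.exe child=cmd.exe cmd="cmd.exe /c whoami"
ts=2025-10-01T02:12:40Z host=gis01 parent=explorer.exe child=cmd.exe cmd="cmd.exe"
ts=2025-10-01T02:13:02Z host=gis01 parent=ArcSOC.exe child=powershell.exe cmd="powershell.exe -enc SQBFAFgA"
ts=2025-10-01T02:14:11Z host=gis01 parent=svchost.exe child=conhost.exe cmd="conhost.exe"
"""

LINE_RE = re.compile(
    r'ts=(?P<ts>\S+) host=(?P<host>\S+) parent=(?P<parent>\S+) '
    r'child=(?P<child>\S+) cmd="(?P<cmd>[^"]*)"'
)


@dataclass(frozen=True)
class ProcEvent:
    ts: str
    host: str
    parent: str
    child: str
    cmd: str


def parse_log(text: str) -> list[ProcEvent]:
    """Parse key=value lines; lines that do not match the expected shape are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if m:
            events.append(ProcEvent(**m.groupdict()))
    return events


# Server-side processes that have no business launching an interactive shell.
TRUSTED_PARENTS = {"arcsoc.exe", "w3wp.exe"}
# Children each trusted parent is expected to create during normal operation
# (assumed baseline; build it from clean telemetry in a real deployment).
EXPECTED_CHILDREN = {
    "arcsoc.exe": {"arcsoc.exe", "conhost.exe"},
    "w3wp.exe": {"conhost.exe"},
}
INTERPRETERS = {"cmd.exe", "powershell.exe", "pwsh.exe", "sh", "bash"}


def find_anomalies(events: list[ProcEvent]) -> list[dict]:
    """Return one alert per event in which a trusted parent spawns an unexpected child."""
    alerts = []
    for e in events:
        parent, child = e.parent.lower(), e.child.lower()
        if parent not in TRUSTED_PARENTS:
            continue  # explorer.exe spawning cmd.exe is a user, not a server
        if child in EXPECTED_CHILDREN.get(parent, set()):
            continue  # normal for this parent
        reason = ("server process spawned a command interpreter"
                  if child in INTERPRETERS else "unexpected child process")
        if "-enc" in e.cmd.lower().split():
            reason += "; encoded PowerShell command line"
        alerts.append({"ts": e.ts, "host": e.host, "parent": parent,
                       "child": child, "cmd": e.cmd, "reason": reason})
    return alerts


if __name__ == "__main__":
    for alert in find_anomalies(parse_log(SAMPLE_LOG)):
        print(alert)
```

Run against the constructed log, the check raises two alerts: the IIS worker launching cmd.exe and the ArcGIS container launching an encoded PowerShell command. A user opening a shell from explorer.exe is deliberately ignored, because the signal here is not "a shell ran" but "a server process that should never need one ran it".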
Flax Typhoon has been a threat since at least mid-2021, according to Microsoft and the Treasury Department. Microsoft first warned of the group's advanced, stealthy hacking in 2023, noting that Flax Typhoon was based in China and that its activities overlapped with those of a group called "Ethereal Panda."
Flax Typhoon initially targeted the Taiwanese government and corporations in Taiwan. This was likely for espionage purposes, according to Microsoft. But its methods quickly revealed themselves as highly effective against other global targets. The U.S. Treasury Department has noted that “Flax Typhoon has compromised computer networks in North America, Europe, Africa, and across Asia.”
Last fall, in September 2024, the FBI took down a massive Flax Typhoon botnet that had infected thousands of internet-connected computers, cameras, and storage drives. Half of the devices were in the United States, including those used by government, corporate, academic, and media victims. Flax Typhoon's goal was to steal their data and take control of their computers.
The FBI did some of its own white hat hacking, under a court order, and disinfected thousands of user devices without their owners' advance knowledge. There was no better way to do it without alerting Flax Typhoon, which, had it known, could have damaged the devices in advance of the takedown.
Then-FBI Director Christopher Wray said at the time that the hacking group's real, and highly ironic, name is the "Integrity Technology Group," known as Integrity Tech. He said that the group's chairman "has publicly admitted that for years his company has collected intelligence and performed reconnaissance for Chinese government security agencies." Only four months later, in January, did the U.S. Treasury Department sanction the group, without sanctioning the CCP. Flax Typhoon, like all Chinese regime entities, ultimately gets direction from the CCP for its malign activities.
The U.S. sanctions were too little, too late. The Treasury Department’s velvet-glove approach is typified by its statement in the Integrity Tech sanction that, “The ultimate goal of sanctions is not to punish, but to bring about a positive change in behavior.” When it comes to the CCP and the many entities it controls, this is unrealistic idealism.
After trillions of dollars of damage to U.S. citizens from the CCP, including IP theft, hacking, espionage, and $18 trillion from the COVID-19 pandemic alone, the U.S. government ought to be much tougher on the entire regime in Beijing. Yet Washington does not seem sufficiently focused on recouping these losses, much less on permanently defeating the growing power of this greatest threat to America. Washington's whack-a-mole tactics are a failing strategy when time is on the adversary's side.
Views expressed in this article are opinions of the author and do not necessarily reflect the views of The Epoch Times.