Renowned Column: CCP Cyber Attacks Governments Using Popular Mapping Software

Recently, a hacker organization funded by the Chinese Communist Party (CCP) was discovered to have infiltrated the mapping software most commonly used by governments and businesses worldwide. The hackers turned ArcGIS, the Geographic Information System (GIS) software developed by the American company ESRI, into a backdoor for the CCP.

According to ESRI’s official website, “70% of the world’s largest enterprises, 95% of major national governments, and 80% of major cities are using ArcGIS.” This software is used in various fields such as energy and water infrastructure, military purposes, market analysis, asset allocation, and is particularly valuable for geographic spatial visualization and statistical analysis. ESRI states that its public safety and security features include “enhancing situational awareness through precise real-time location data.”

The hacker group known as “Flax Typhoon” was able to ensure that even if users uninstalled and reinstalled the ArcGIS software, the virus would still re-infect the user’s computer. A cybersecurity firm named ReliaQuest discovered this recent hacking attack. “Flax Typhoon” is one of the CCP’s four major Advanced Persistent Threat (APT) groups, all aligned with the CCP’s strategic goals, including cyber espionage and attacks on critical infrastructure in the United States.

The extent of damages caused by “Flax Typhoon” over the years is immense and difficult to quantify. Additionally, due to the CCP’s disregard for international norms and intellectual property laws, the United States suffers annual losses of up to $600 billion due to intellectual property theft.

Unlike most hackers, who drop malicious software files onto a system, “Flax Typhoon” tends to use Internet of Things (IoT) devices as initial entry points and then hides its malicious software inside trusted remote access software. Such attacks can only be detected by monitoring legitimate software for abnormal behavior. If the hackers are waiting for a major event (such as a wartime disruption of the U.S. economy and critical infrastructure), this abnormal behavior might not occur for years.

Microsoft and the U.S. Department of the Treasury have stated that “Flax Typhoon” has posed a threat at least since mid-2021. In 2023, Microsoft first warned of this organization’s advanced and secretive hacking operations, pinpointing “Flax Typhoon” in China, with activities overlapping with an organization called “Ethereal Panda.”

Initially targeting government departments and businesses in Taiwan, “Flax Typhoon” quickly proved its attack methods to be highly effective against various global targets. The U.S. Treasury Department noted that “Flax Typhoon” has infiltrated computer networks in North America, Europe, Africa, and Asia.

Last fall, the Federal Bureau of Investigation (FBI) successfully dismantled a massive botnet controlled by “Flax Typhoon,” which had infected thousands of internet-connected computers, cameras, and storage devices. Approximately half of the infected devices were located in the U.S., belonging to government agencies, businesses, academic institutions, and media. The goal of “Flax Typhoon” was to steal data from these devices and take control of their computers.

After obtaining judicial authorization, the FBI conducted white-hat hacker operations to disinfect thousands of users’ computers without their prior knowledge. This was considered the best approach to take action without alerting “Flax Typhoon.” If the operation had been exposed beforehand, “Flax Typhoon” could have damaged these computers before the FBI’s intervention.

Former FBI Director Christopher Wray revealed that the hacker organization, ironically named “Yongxin Technology Group,” had openly admitted to collecting intelligence for the Chinese Ministry of State Security over the years. Just four months later, in the following January, the U.S. Treasury Department sanctioned the group but not the CCP. Like all CCP-controlled entities, “Flax Typhoon” carried out its malicious actions under the ultimate direction of the CCP.

The sanctions imposed by the U.S. on Yongxin Technology Group were insufficient and came too late. The Treasury Department stated in its sanctions announcement that “the ultimate goal of sanctions is not punishment but to promote positive behavioral change,” a typically feeble response. Such idealism seems unrealistic when dealing with the CCP and its numerous controlled entities.

Given the trillions of dollars in losses the CCP has inflicted on American citizens, including intellectual property theft, cyber-attacks, espionage, and the $18 trillion economic loss caused by the COVID-19 pandemic alone, the U.S. government should adopt a tougher stance toward the entire CCP regime. However, Washington seems insufficiently focused on recovering these losses, let alone thoroughly curbing this major threat to the U.S. When time is on the opponent’s side, Washington’s whack-a-mole tactics undoubtedly amount to a failed strategy.