{"id":223413,"date":"2025-10-15T03:11:31","date_gmt":"2025-10-15T08:11:31","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/10\/chinese-hackers-exploit-arcgis-server-as-backdoor-for-over-a-year"},"modified":"2025-10-15T03:11:31","modified_gmt":"2025-10-15T08:11:31","slug":"chinese-hackers-exploit-arcgis-server-as-backdoor-for-over-a-year","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/10\/chinese-hackers-exploit-arcgis-server-as-backdoor-for-over-a-year","title":{"rendered":"Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/chinese-hackers-exploit-arcgis-server-as-backdoor-for-over-a-year2.jpg\"><\/a><\/p>\n<p>\u201cThis attack highlights not just the creativity and sophistication of attackers but also the danger of trusted system functionality being weaponized to evade traditional detection,\u201d the researchers noted. \u201cIt\u2019s not just about spotting malicious activity; it\u2019s about recognizing how legitimate tools and processes can be manipulated and turned against you.\u201d<\/p>\n<p>ReliaQuest told The Hacker News it cannot share any further details regarding when the attack commenced other than noting that the attackers had access to the system for over a year.<\/p>\n<p>\u201cThe threat actor likely resorted to this method over an N-day flaw for a simple reason: why use an exploit if they didn\u2019t have to?,\u201d it pointed out. \u201cThey likely gained initial access through a weak administrator password and then repurposed a software component into a backdoor.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u201cThis attack highlights not just the creativity and sophistication of attackers but also the danger of trusted system functionality being weaponized to evade traditional detection,\u201d the researchers noted. \u201cIt\u2019s not just about spotting malicious activity; it\u2019s about recognizing how legitimate tools and processes can be manipulated and turned against you.\u201d ReliaQuest told The Hacker News [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-223413","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/223413","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=223413"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/223413\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=223413"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=223413"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=223413"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}