Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year
Oct 14, 2025
Cyber Espionage / Network Security
Threat actors with ties to China have been attributed to a novel campaign that compromised an ArcGIS system and turned it into a backdoor for more than a year. The activity, per ReliaQuest, is the handiwork of a Chinese state-sponsored hacking group called Flax Typhoon , which is also tracked as Ethereal Panda and RedJuliett. According to the U.S. government, it's assessed to be a publicly-traded, Beijing-based company known as Integrity Technology Group. "The group cleverly modified a geo-mapping application's Java server object extension (SOE) into a functioning web shell," the cybersecurity company said in a report shared with The Hacker News. "By gating access with a hardcoded key for exclusive control and embedding it in system backups, they achieved deep, long-term persistence that could survive a full system recovery." Flax Typhoon is known for living up to the "stealth" in its tradecraft by extensively incorporating living-off-the-l...
