China-linked cyber operations
-
Researchers say Chinese-speaking group UAT-8099 uses IIS servers for global SEO fraud
Researchers say a Chinese-speaking group dubbed UAT-8099 has been exploiting Microsoft IIS servers to run SEO fraud and steal credentials and certificate data, using web shells, Cobalt Strike and a modified BadIIS backdoor across targets in Asia and the Americas.
-
Unit 42 says China-aligned actor ‘Phantom Taurus’ has targeted government and telecom organisations in Africa, Middle East and Asia
Palo Alto Networks’ Unit 42 said a China-aligned actor it calls ‘Phantom Taurus’ has conducted an ongoing espionage campaign against government and telecom organisations across Africa, the Middle East and Asia, using bespoke .NET malware against IIS servers and tools to exfiltrate database content.
-
China-linked BRICKSTORM attackers conduct long-running espionage campaign against U.S. tech firms, Mandiant says
Mandiant has identified BRICKSTORM, a China-linked threat group conducting a long-running espionage campaign against U.S. tech firms. The group uses Go-based malware to target Linux and BSD systems, with a focus on SaaS providers and other high-value targets, and Mandiant urges vendors to adopt zero-trust architectures.