Skip to content

News
Cybercrime
Risk
Policy
Privacy
Research
Cloud
Insurance

LinkedIn
Facebook

GoToHTTP

China-linked UAT-8099 targets IIS servers in Asia with BadIIS SEO fraud

Cybercrime, News, Research, Vulnerabilities

January 30, 2026

Researchers found a late 2025 to early 2026 campaign by UAT-8099 that used web shells and BadIIS malware to run SEO fraud on IIS servers, concentrating attacks in Thailand and Vietnam.
GhostRedirector threat cluster compromises 65 Windows servers, deploys Rungan backdoor and Gamshen IIS module for SEO fraud

Cybercrime, News, Research

September 5, 2025

A fresh threat cluster named GhostRedirector has compromised at least 65 Windows servers, deploying a passive backdoor called Rungan and an IIS module named Gamshen to conduct SEO fraud, according to ESET researchers. The campaign shows SQL injection-based initial access, PowerShell-based tool delivery, and persistence through multiple remote-access tools, with a China-aligned attribution considered plausible…

About
Editorial Policy
Privacy
Contact