SoftEther VPN
-
Researchers say Chinese-speaking group UAT-8099 uses IIS servers for global SEO fraud
Researchers say a Chinese-speaking group dubbed UAT-8099 has been exploiting Microsoft IIS servers to run SEO fraud and steal credentials and certificate data, using web shells, Cobalt Strike and a modified BadIIS backdoor across targets in Asia and the Americas.
-
Taiwan Web Infrastructure Targeted by UAT-7237, Cisco Talos Says
Cisco Talos links a China-aligned APT cluster, UAT-7237, to attacks on Taiwan’s web infrastructure, using customized open-source tooling and a SoundBill shellcode loader to deploy backdoors and credential-stealing utilities. The operation, active since 2022 and considered a sub-group of UAT-5918, also employs VPN persistence and RDP access, with updates to embed Mimikatz and broader lateral…