Telecommunications providers, technology firms, universities, and other organizations in Canada, Brazil, India, Thailand, and Vietnam had their Internet Information Services servers targeted by the Chinese-speaking cybercrime operation UAT-8099 to launch an SEO fraud campaign mostly aimed at mobile users, according to Infosecurity Magazine.Both Android and iOS users have been subjected to the attacks, which commence with web shell injections in vulnerable IIS servers to facilitate system data gathering and network reconnaissance, a Cisco Talos report revealed.Information collection efforts are followed by the activation of the guest account, the escalation of its privileges, and subsequent remote desktop protocol mobilization, with persistence enabled by RDP access and the EasyTier, SoftEther VPN, and FRP reverse proxy tools.Additional findings revealed multiple novel BadIIS malware variants, which better bypass antivirus systems through an updated code structure and functional workflow, compared with earlier BadIIS iterations.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




