There was an ongoing quiet, methodical campaign unfolding across many sections of the web infrastructure in Asia by the spring of 2025, a campaign which did not rely on loud disruptions or overt destruction, but instead relied on subtle manipulation of trust.
Cisco Talos researchers have discovered evidence that a Chinese-speaking threat group known as UAT-8099 has been systematically infiltrating vulnerable Microsoft Internet Information Services (IIS) servers that hold established credibility within their region’s digital eco-systems as a result of ongoing campaign of spam attacks.
In contrast to targeting any system that could be compromised indiscriminately, the attackers opted for high-reputation servers, leveraging the ranking of such servers to manipulate search engine results and generate illicit revenue rather than targeting every exposed system.
With a specialized SEO fraud operation, UAT-8099 also combined its manipulation with deeper post-compromised activity by accessing compromised systems with Remote Desktop Protocol access and searching for sensitive certificates, credentials, configuration files, and logs, assets which could be repurposed in follow-on attacks or aquired quietly into underground markets, making it a powerful enterprise.
In this instance, it unde
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: