Chinese Cybercriminals Hijack IIS Servers for SEO Fraud
🔍 A Chinese-speaking cybercrime group tracked as UAT-8099 is hijacking trusted Microsoft IIS servers worldwide to run SEO scams that redirect users to unauthorized adverts and illegal gambling sites. According to Cisco Talos, attackers exploit server vulnerabilities, upload web shells, and conduct reconnaissance before enabling the guest account, escalating privileges and activating RDP. For persistence they deploy SoftEther VPN, EasyTier and the FRP reverse proxy and install the BadIIS malware variants designed to evade detection.
