All news with #iis servers tag

China-linked Hackers Reuse Legacy Flaws to Backdoor Targets

🔍 Symantec and Carbon Black attributed a mid‑April 2025 intrusion to a China-linked threat cluster that targeted a U.S. nonprofit engaged in influencing policy, using mass scanning and multiple legacy exploits (including CVE-2021-44228, CVE-2017-9805, and Atlassian flaws) to gain initial access. The intruders established stealthy persistence via scheduled tasks that invoked legitimate binaries (msbuild.exe, csc.exe), injected code to reach a C2 at 38.180.83[.]166, and sideloaded a DLL through a Vipre component to run an in-memory RAT. Researchers linked the loader to China-aligned clusters such as Salt Typhoon and warned of broader reuse of legacy vulnerabilities and IIS/ASP.NET misconfigurations for long-term backdoors.