Recent investigations reveal that threat actors are targeting Internet Information Services (IIS) servers across Asia as part of a financially driven SEO manipulation campaign to install the BadIIS malware. This campaign primarily targets servers in various sectors including government and technology within countries like India and Japan. The malware allows attackers to serve modified content, redirecting users to illegal gambling sites. Trends suggest that these activities are connected to a Chinese-speaking group named DragonRank, noted for similar SEO strategies and association with other malicious entities.
Targets of the campaign include IIS servers located in Asia, which are associated with government, universities, technology companies, and telecommunications sectors. Requests to compromised servers can serve altered content.
It's suspected that the activity is the work of a Chinese-speaking threat group known as DragonRank, delivering malware via SEO manipulation schemes.
Collection
[
|
...
]