China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware

Cybersecurity researchers have discovered a new campaign attributed to a China-linked threat actor known as UAT-8099 that took place between late 2025 and early 2026. The activity, discovered by Cisco Talos, has targeted vulnerable Internet Information Services IIS servers located across Asia, bu...

Chinese Cybercrime Group Runs Global SEO Fraud Ring Using Compromised IIS Servers

Cybersecurity researchers have shed light on a Chinese-speaking cybercrime group codenamed UAT-8099 that has been attributed to search engine optimization SEO fraud and theft of high-value credentials, configuration files, and certificate data. The attacks are designed to target Microsoft Interne...

UAT-8099: Chinese-speaking cybercrime group targets high-value IIS for SEO fraud

Cisco Talos is disclosing details on UAT-8099, a Chinese-speaking cybercrime group mainly involved in search engine optimization SEO fraud and theft of high-value credentials, configuration files, and certificate data. Cisco's file census and DNS analysis show affected Internet Information Servic...

Chinese DragonRank Hackers Exploit Global Windows Servers in SEO Fraud

DragonRank, a Chinese-speaking hacking group, has compromised 30+ Windows servers globally. They exploit IIS vulnerabilities to manipulate SEO…...

DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe

A "simplified Chinese-speaking actor" has been linked to a new campaign that has targeted multiple countries in Asia and Europe with the end goal of performing search engine optimization SEO rank manipulation. The black hat SEO cluster has been codenamed DragonRank by Cisco Talos, with victimolog...