Chinese Cybercrime Group UAT-8099 Targets Microsoft IIS Servers for SEO Fraud and Credential Theft

Source: The Hacker News

Cybersecurity researchers have exposed a Chinese-speaking cybercrime group known as UAT-8099. The group is linked to search engine optimization (SEO) fraud, in which it manipulates search engine rankings for illicit gain. It also steals high-value credentials, configuration files, and certificate data, which can facilitate further attacks or unauthorized access.

Most of UAT-8099’s attacks target Microsoft Internet Information Services (IIS) servers, indicating a specific focus on exploiting vulnerabilities in this server platform. The majority of infections have been reported in India and Thailand, showing a regional concentration of activity. This suggests targeted campaigns that could be part of a larger strategy to exploit critical infrastructure in these countries.

The risks posed by such groups include compromised data integrity, unauthorized access to sensitive data, and potential disruption of web services. Organizations using IIS servers should prioritize security updates and monitoring to defend against this threat. The implications extend to global cybersecurity, as attackers continuously evolve their tactics to exploit widely used technologies and regions with significant internet infrastructure.

👉 Read the original: The Hacker News