A Chinese-speaking cybercrime group is aggressively targeting vulnerable Internet Information Server (IIS) web servers for use in search engine optimization (SEO) fraud, as well as for the theft of high-value data, researchers at Cisco Talos have warned.
The servers most at risk from attacks right now are in universities, technology companies, and telecom providers in India, Thailand, Vietnam, Canada, and Brazil, the company said.
This targeting isn’t coincidental; the group, identified as UAT-8099, chooses its victims for their high domain and IP reputation, which makes it less likely SEO fraud activity will be detected or blocked.
