Chinese-Speaking Group Manipulates SEO with BadIIS

SUMMARY :

A Chinese-speaking group is conducting an SEO manipulation campaign in Asia using BadIIS malware. The campaign targets vulnerable Internet Information Services (IIS) servers, compromising them to redirect users to illegal gambling sites or malicious servers. Affected regions include India, Thailand, Vietnam, and others, with government, universities, and tech sectors being targeted. The malware can alter HTTP responses, inject suspicious JavaScript, and perform SEO fraud. This campaign highlights the need for organizations to update and patch IIS systems, monitor for abnormal installations, restrict administrative access, and implement strong security measures to mitigate risks.

OPENCTI LABELS :

badiis,malware injection,seo manipulation,iis exploitation,asia,gambling websites


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Chinese-Speaking Group Manipulates SEO with BadIIS