Threat Research

    UAT-8099 is an active threat actor targeting vulnerable Internet Information Services (IIS) servers across Asia, with a strong focus on Thailand and Vietnam from late 2025 to early 2026. The campaign shows significant overlap with the WEBJACK operation, sharing malware hashes, C2 infrastructure, and victimology....
    UAT-8099 is a Chinese-speaking cybercrime group targeting high-value IIS servers in countries like India, Thailand, Vietnam, Canada, and Brazil to conduct SEO fraud and steal credentials, config files, and certificates. They use web shells, Cobalt Strike, and BadIIS malware to manipulate search rankings and maintain persistence....
    The Earth Kurma APT campaign targets government and telecommunications sectors in Southeast Asia, particularly in the Philippines, Vietnam, Thailand, and Malaysia. This sophisticated attack uses advanced malware, including custom rootkits and cloud storage for data exfiltration....
    Our researchers identified an SEO manipulation campaign that underscores why organizations using Internet Information Services (IIS) need to stay updated and patched to prevent exploitation by malware like BadIIS. The campaign appears financially motivated, as it redirects users to illegal gambling websites, indicating attackers deploy BadIIS for profit....