Threat Research

    A phishing campaign is leveraging SEO poisoning to push fake traffic ticket search portals to the top of search engine results. The fraudulent sites impersonate the Government of Canada and multiple provincial agencies to lure victims into searching for and paying supposed outstanding traffic violations....
    We uncovered an attack chain that uses SEO poisoning to lure users searching for legitimate software. Threat actors abuse GitHub by hosting malicious ZIP files in fake repositories. These archives impersonate real applications and include a harmful batch (.bat) file....
    In March 2025, we identified an SEO poisoning campaign, likely operated by a Chinese-speaking threat actor, dubbed “Operation Rewrite.” This activity cluster, tracked as CL-UNK-1037, overlaps with known campaigns like “Group 9” and “DragonRank.” Attackers used a malicious IIS module called BadIIS to hijack web traffic via compromised servers....
    In August 2025, Labs uncovered an SEO poisoning campaign targeting Chinese-speaking users. The attackers boosted the search rankings of malicious sites using SEO plugins and registered deceptive domains that closely resembled legitimate software websites....