Threat Research

    Dissecting UAT-8099: New Persistence Mechanisms and Regional Focus

    UAT-8099 is an active threat actor targeting vulnerable Internet Information Services (IIS) servers across Asia, with a strong focus on Thailand and Vietnam from late 2025 to early 2026. The campaign shows significant overlap with the WEBJACK operation, sharing malware hashes, C2 infrastructure, and victimology....
    1/30/2026  0
    Read More »

    UAT-8099: Chinese-Speaking Cybercrime Group Targets High-Value IIS for SEO Fraud

    UAT-8099 is a Chinese-speaking cybercrime group targeting high-value IIS servers in countries like India, Thailand, Vietnam, Canada, and Brazil to conduct SEO fraud and steal credentials, config files, and certificates. They use web shells, Cobalt Strike, and BadIIS malware to manipulate search rankings and maintain persistence....
    10/3/2025  0
    Read More »
    Looking for Something?
    Threat Research Categories:
    Tags

    Privacy & Security StatementTerms & Conditions
    Copyright © 2026 by Gurucul - All rights reserved.