DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects

Summary: Threat actors are targeting Internet Information Services (IIS) servers across Asia for a financially motivated campaign involving the installation of BadIIS malware. This malware enables redirections to illegal gambling websites and connects users to rogue servers, impacting organizations like government and tech firms. The threat is associated with a Chinese-speaking group known as DragonRank, previously linked to similar SEO manipulation schemes.

Affected: IIS servers in Asia (India, Thailand, Vietnam, Philippines, Singapore, Taiwan, South Korea, Japan, Brazil)

Key points:

  • Malware campaign likely financially motivated, redirecting users to illegal gambling sites.
  • Targets include government, universities, technology companies, and telecommunications sectors.
  • DragonRank group suspected to be behind the attacks, with similarities to prior malware delivered via SEO schemes.
  • Infrastructure laundering linked to the Funnull CDN, which acquires IPs from mainstream providers to host criminal activities.
  • Continuous acquisition of new IPs suggests ongoing fraudulent activity to support the infrastructure.

Source: https://thehackernews.com/2025/02/dragonrank-exploits-iis-servers-with.html