Chinese hackers target Windows servers with SEO poisoning campaign

Hackers are taking advantage of vulnerable servers to take over websites, and use them to steal people’s credentials, deploy malware, and more.

A report from Cisco Talos, who have been tracking the activity for some time now, revealed the group would first seek out vulnerable web application services such as phpMyAdmin, WordPress, or similar. Then, they would use the vulnerabilities to deploy a web shell which grants them control over the server.

Finally, the web shell allows them to collect system information, or deploy additional malware such as PlugX, or BadIIS, or to run different infostealers such as Mimikatz, GodPotato, and others. To get people to visit the infected websites, the group uses SEO poisoning, pushing the sites higher up on search engine results pages.

DragonRank

The researchers are dubbing the new threat “DragonRank”. They believe the group is targeting mostly organizations in Asia, with a few victims found in Europe, as well. So far, the malware was spotted in Thailand, India, Korea, Belgium, the Netherlands, and China.

The victims come from all sorts of industries, including jewelry, media, research services, healthcare, video and television production, manufacturing, transportation, religious and spiritual organizations, IT services, international affairs, agriculture, sports, and even niche markets like feng shui.

All of this leads the researchers to conclude that DragonRank doesn’t really have a particular target and just looks to compromise as many organizations as possible.

So far, more than 35 IIS servers were compromised, and deployed the BadIIS malware, the researchers concluded. BadIIS was first discovered in 2020, and it acts as a backdoor that grants unauthorized access to compromised servers. One of its key features is stealth, since it uses advanced techniques to evade detection.

Since the group has a commercial website, a business model, and instant message accounts, the researchers concluded that the group is most likely of Chinese origin.

More from TechRadar Pro

https://cdn.mos.cms.futurecdn.net/Dtd9CSn6K6jfEdpnzch4zj-1200-80.jpg

Source link

Storage, not GPUs, is the biggest challenge to AI says influential report — lack of bits and bytes is what could make or break...

Netflix pushes The Witcher: Sirens of the Deep movie’s release date into early 2025, and I think it’s for the best

The Samsung Galaxy Watch 6 Classic falls to a record-low price

Do Emissions Credits Skew Sustainability Reporting?

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

People are driving through flames to escape this California wildfire

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

‘Heathers’ is still the best dark comedy about high school hell

Trump reverses position, vows to ‘get SALT back’

US urges leniency for FTX’s Caroline Ellison, cites help against Bankman-Fried By Reuters

Joe Rogan says Kamala Harris is ‘nailing it’ against Trump

Oracle’s Larry Ellison dethrones Jeff Bezos as world’s second-richest man

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Chinese hackers target Windows servers with SEO poisoning campaign

Trump reverses position, vows to ‘get SALT back’

US urges leniency for FTX’s Caroline Ellison, cites help against Bankman-Fried By Reuters

Joe Rogan says Kamala Harris is ‘nailing it’ against Trump

Oracle’s Larry Ellison dethrones Jeff Bezos as world’s second-richest man

Leave a reply Cancel reply